First published: Mon Apr 25 2022
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canon Irisnext | <=9.8.28 | |
CVE-2022-26111 is a vulnerability in the BeanShell components of IRISNext through version 9.8.28 that allows for the execution of arbitrary commands on the target server.
CVE-2022-26111 has a severity rating of 8.8 (critical).
CVE-2022-26111 affects IRISNext versions up to and including 9.8.28.
CVE-2022-26111 can be exploited by creating a custom search or editing an existing/predefined search of the documents, and adding BeanShell expressions that result in remote code execution.
References for CVE-2022-26111 are available at the following URLs: [https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf](https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf) and [https://varsnext.iriscorporate.com/](https://varsnext.iriscorporate.com/).