This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions.

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

A malicious unauthorized PAM user can access the administration configuration data and change the values.