关于NC任意文件与命令执行高危漏洞解决方案的公告
漏洞概述
关于文件上传和命令执行高危漏洞的解决方案(修订版本)
国家信息安全漏洞共享平台发布了编号CNVD-C-2022-223079的文件下载高危漏洞、CNVD-C-2022-223080文件上传高危漏洞和编号CNVD-C-2022-223081的命令执行高危漏洞,漏洞会导致在服务器执行任意命令,对服务器造成破坏。另外针对最近多个项目中遇到的FileManagerImpl任意上传文件漏洞也包括进来,共计三个任意文件上传漏洞,以及一个命令执行漏洞。
用友总部紧急提供对应NC、NC Cloud各版本解决方案,请各机构高端客户成功总监负责所属机构所有项目,通知客户修改。
一、文件上传漏洞的解决方案(内容同2022年5月17日 (周二)发文相同)
影响版本:NC65 / NCC1811 / NCC1903 / NCC1909 / NCC2005/ NCC2105 /NCC2111
解决方案:
nc65 https://dsp.yonyou.com/patchcenter/patchdetail/11221652262085976975/0/2
ncc1903 https://dsp.yonyou.com/patchcenter/patchdetail/11221652262146727987/0/2
ncc1909 https://dsp.yonyou.com/patchcenter/patchdetail/10221652262210560489/0/2
ncc2005 https://dsp.yonyou.com/patchcenter/patchdetail/11221652262245181990/0/2
ncc2105 https://dsp.yonyou.com/patchcenter/patchdetail/10221652262288562492/0/2
ncc2111 https://dsp.yonyou.com/patchcenter/patchdetail/11221652262327061993/0/2
二、命令执行漏洞的解决方案(内容同2022年5月17日 (周二)发文相同)
影响版本:NC63 / NC65 / NCC1811 / NCC1903 / NCC1909 / NCC2005
解决方案:
NC63系列打补丁 :
https://dsp.yonyou.com/patchcenter/patchdetail/10211635410361582790/0/2
NC65系列打补丁:
https://dsp.yonyou.com/patchcenter/patchdetail/11221649769630339705/0/2
NCC1811系列打补丁:
https://dsp.yonyou.com/patchcenter/patchdetail/10221652266042747579/0/2
NCC1903 系列打补丁:
https://dsp.yonyou.com/patchcenter/patchdetail/10221652266042747579/0/2
NCC1909 系列打补丁:
https://dsp.yonyou.com/patchcenter/patchdetail/11221652266135908173/0/2
NCC2005 系列打补丁:
https://dsp.yonyou.com/patchcenter/patchdetail/10221652266306516583/0/2
三、文件下载漏洞的解决方案(增加内容)
影响版本:NC57 / NC63 / NC65 / NCC1811 / NCC1903 / NCC1909 / NCC2005
解决方案:
nc57 https://dsp.yonyou.com/patchcenter/patchdetail/11221652858850314336/0/2
nc63 https://dsp.yonyou.com/patchcenter/patchdetail/11221652858918819342/0/2
nc65 https://dsp.yonyou.com/patchcenter/patchdetail/11221652858953356348/0/2
ncc1811 https://dsp.yonyou.com/patchcenter/patchdetail/11221652858996284354/0/2
ncc1903 https://dsp.yonyou.com/patchcenter/patchdetail/11221652858996284354/0/2
ncc1909 https://dsp.yonyou.com/patchcenter/patchdetail/11221652859034656369/0/2
ncc2005 https://dsp.yonyou.com/patchcenter/patchdetail/10221652859092797879/0/2
四、FileManagerImpl任意上传文件漏洞(增加内容)
影响版本:NC63 / NC65 / NCC1811 / NCC1903 / NCC1909 / NCC2005 / NCC2105 / NCC2111
解决方案:
nc63 https://dsp.yonyou.com/patchcenter/patchdetail/10221652865705139121/0/2
nc65 https://dsp.yonyou.com/patchcenter/patchdetail/11221652865743601112/0/2
ncc1811 https://dsp.yonyou.com/patchcenter/patchdetail/11221652865777461118/0/2
ncc1903 https://dsp.yonyou.com/patchcenter/patchdetail/11221652865777461118/0/2
ncc1909 https://dsp.yonyou.com/patchcenter/patchdetail/10221652865819294127/0/2
ncc2005 https://dsp.yonyou.com/patchcenter/patchdetail/11221652865861408134/0/2
ncc2105 https://dsp.yonyou.com/patchcenter/patchdetail/10221652865911722147/0/2
ncc2111 https://dsp.yonyou.com/patchcenter/patchdetail/10221652865955880154/0/2
漏洞得分
更新时间
补丁下载:
https://www.iufida.com/126-136727-0.html
https://www.iufida.com/126-136729-0.html
本站不提供下载资料的技术支持。使用者必须具备技术能力并自行解决问题!否则请勿下载。