Today (June 26, 2019), there are early warning and security researchers released a high-risk security vulnerabilities on Zhiyuan OA system on the Internet, *** can remotely execute arbitrary code in the case of unauthorized vulnerability through an interface, ultimately control the entire system permissions. It is reported by the OA system Zhiyuan UF Zhiyuan Internet's collaborative management software system, in many domestic central enterprises, large companies have a wide range of applications.
404 Year-known loophole laboratory immediately start emergency procedures, determine the vulnerability exists in some models and versions Zhiyuan OA system in a Servlet interface lacks the necessary security filter, *** finally allowed to remotely execute arbitrary code, and the interface without authentication to access, great harm.
Year-by know its ZoomEye cyberspace search engine search results, a global total of 29,425 open records Zhiyuan OA system, China is a majority of 29,247 in Beijing, Guangdong, Sichuan and other provinces.
![[Laboratory] know Chong Yu Zhiyuan 404 OA System Remote arbitrary code execution vulnerability in high-risk security warning](https://s1.51cto.com/images/blog/201906/26/33a2363d6c9de0222a42c229779a254b.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
Thus know Chuangyu 404 laboratory has been actively issued an emergency warning vulnerabilities, we recommend all users Zhiyuan OA system to pay attention, pay attention to prevention, after determining knew Chong Yu's cloud security and defense products "Year-shield" no need to upgrade to the defense vulnerability.
Temporary program recommendations:
1. Enable know Chong Yu's cloud security and defense products "Year-shield."
2, actively contact Zhiyuan OA system http://www.seeyon.com for technical support or contact 404 Year-known laboratories to provide temporary solutions (Tel: 4001610866).