The Microsoft Azure Site Recovery installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26898)
– An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-26897, CVE-2022-26896)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More