LoFP / t1499

t1499

Title | Tags
Serious issues with a configuration or plugin.
The vulnerability requires an authenticated session and access to create an investigation. It only affects the availability of the investigations manager, but without the manager, the investigations functionality becomes unusable for most users. This search gives the exact offending event.
This is a hunting search; it should be focused on affected products, otherwise it is likely to produce false positives.
This search may reveal non-malicious zip files causing errors as well.
This search will show the exact DoS event via the error message and investigation ID. The error, however, does not point exactly at the uploader, as any users associated with the investigation will be affected. The operator must use the investigation ID to investigate the possible origin of the malicious upload. The attack only affects the specific investigation, not the investigation manager.
Unlikely.