Research And Engineering Studio (Res)
Approved changes feed: RSS · Atom
cpe:2.3:a:aws:research_and_engineering_studio_(res):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aws (e6707f00-6abb-51df-808c-9e3417305027) |
|---|---|
| Product | Research And Engineering Studio (Res) (9d0e2fad-5a93-512b-900b-8743f5c9f839) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-5709 |
vulnerable | 2026-06-03 15:26:27.502688 |
AWS Research and Engineering Studio (RES) FileBrowser Command Injection
HIGH (8.8)
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality.
To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Published: 2026-04-06T21:32:04.058Z
Updated: 2026-04-07T15:09:14.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5708 |
vulnerable | 2026-06-03 15:26:27.502334 |
Improper Control of User-Modifiable Attributes in RES CreateSession API
HIGH (8.8)
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request.
To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Published: 2026-04-06T21:28:03.951Z
Updated: 2026-04-07T15:09:25.916Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5707 |
vulnerable | 2026-06-03 15:26:27.499848 |
Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)
HIGH (8.8)
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.
To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
Published: 2026-04-06T21:25:48.404Z
Updated: 2026-04-07T15:09:31.614Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12815 |
not_vulnerable | 2026-06-03 14:58:45.031382 |
Details available
MEDIUM (4.3)
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.
To mitigate this issue, users should upgrade to version 2025.09 or above.
Published: 2025-11-06T17:10:34.559Z
Updated: 2025-11-12T15:30:15.903Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.