Eduardo Gonzalez Lainez

**Name of the Vulnerable Software and Affected Versions** Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `fileName` parameter during an importFile action. This is related to the VhttpdMgr component. **Recommendations** For Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995, avoid using the `fileName` parameter in the importFile action until the issue is resolved. As a temporary workaround, consider restricting access to the importFile action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.