CVE-2004-1610

Name of the Vulnerable Software and Affected Versions SalesLogix version 6.1

Description The issue allows remote authenticated users to potentially create arbitrary files and execute code. This is achieved by using client-specified pathnames for writing certain files, specifically through the vMME.AttachmentPath or vMME.LibraryPath variables.

Recommendations For SalesLogix version 6.1, consider restricting access to the vMME.AttachmentPath and vMME.LibraryPath variables to minimize the risk of exploitation. Additionally, limit the ability of remote authenticated users to write files to specific directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.