PT-2007-4534 · Xythos · Xythos Digital Locker+2
Publicado
2007-06-27
·
Atualizado
2018-10-16
·
CVE-2007-3255
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Xythos Enterprise Document Manager versions prior to 5.0.25.8
Xythos Enterprise Document Manager versions 6.x prior to 6.0.46.1
Xythos Digital Locker versions prior to 5.0.25.8
Xythos Digital Locker versions 6.x prior to 6.0.46.1
Xythos WebFile Server (affected versions not specified)
Description
The issue allows remote authenticated users to execute commands as arbitrary users. This can be achieved via a saved Workflow name or the Content-Type HTTP header.
Recommendations
For Xythos Enterprise Document Manager versions prior to 5.0.25.8, update to version 5.0.25.8 or later.
For Xythos Enterprise Document Manager versions 6.x prior to 6.0.46.1, update to version 6.0.46.1 or later.
For Xythos Digital Locker versions prior to 5.0.25.8, update to version 5.0.25.8 or later.
For Xythos Digital Locker versions 6.x prior to 6.0.46.1, update to version 6.0.46.1 or later.
For Xythos WebFile Server, at the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Xythos Digital Locker
Xythos Enterprise Document Manager
Xythos Webfile Server