PT-2013-5865 · Thomson Reuters · Thomson Reuters Velocity Analytics Vhayu Analytic Server

Eduardo Gonzalez Lainez

Publicado

2013-11-28

Atualizado

2013-11-29

CVE-2013-5912

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995

Description The issue allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action. This is related to the VhttpdMgr component.

Recommendations For Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995, avoid using the fileName parameter in the importFile action until the issue is resolved. As a temporary workaround, consider restricting access to the importFile action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2013-5912

Produtos afetados

Thomson Reuters Velocity Analytics Vhayu Analytic Server

PT-2013-5865 · Thomson Reuters · Thomson Reuters Velocity Analytics Vhayu Analytic Server

CVE-2013-5912

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3