PT-2014-3705 · Attachmate · Attachmate Verastream Process Designer

Publicado

2014-07-24

Atualizado

2014-07-30

CVE-2014-0607

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Attachmate Verastream Process Designer versions prior to R6 SP1 Hotfix 1

Description The issue allows remote attackers to execute arbitrary code by uploading and launching an executable file due to an unrestricted file upload vulnerability.

Recommendations For versions prior to R6 SP1 Hotfix 1, update to R6 SP1 Hotfix 1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent the execution of arbitrary code.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2014-0607

ZDI-14-269

Produtos afetados

Attachmate Verastream Process Designer

PT-2014-3705 · Attachmate · Attachmate Verastream Process Designer

CVE-2014-0607

Identificadores relacionados

Produtos afetados

Referências · 3