CVE-2014-5370

Name of the Vulnerable Software and Affected Versions New Atlanta BlueDragon versions prior to 7.1.1.18527

Description The issue allows remote attackers to potentially read or delete arbitrary files due to a directory traversal vulnerability in the CFChart servlet. This is achieved by including a .. (dot dot) in the QUERY STRING to cfchart.cfchart.

Recommendations For versions prior to 7.1.1.18527, update to version 7.1.1.18527 or later to resolve the issue. As a temporary workaround, consider restricting access to the CFChart servlet to minimize the risk of exploitation.