Thomson Reuters · Thomson Reuters Velocity Analytics Vhayu Analytic Server · CVE-2013-5912
**Name of the Vulnerable Software and Affected Versions**
Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995
**Description**
The issue allows remote attackers to execute arbitrary code via a URL in the `fileName` parameter during an importFile action. This is related to the VhttpdMgr component.
**Recommendations**
For Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995, avoid using the `fileName` parameter in the importFile action until the issue is resolved. As a temporary workaround, consider restricting access to the importFile action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.