PT-2004-2518 · Sage · Saleslogix

Carl Livitt

Published

2004-10-18

Updated

2016-10-18

CVE-2004-1610

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SalesLogix version 6.1

Description The issue allows remote authenticated users to potentially create arbitrary files and execute code. This is achieved by using client-specified pathnames for writing certain files, specifically through the vMME.AttachmentPath or vMME.LibraryPath variables.

Recommendations For SalesLogix version 6.1, consider restricting access to the vMME.AttachmentPath and vMME.LibraryPath variables to minimize the risk of exploitation. Additionally, limit the ability of remote authenticated users to write files to specific directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1610

Affected Products

Saleslogix

PT-2004-2518 · Sage · Saleslogix

CVE-2004-1610

Related Identifiers

Affected Products

References · 2