CVE-2009-4511

Name of the Vulnerable Software and Affected Versions TANDBERG Video Communication Server (VCS) versions prior to X5.1

Description The issue concerns multiple directory traversal vulnerabilities in the web administration interface. These vulnerabilities allow remote authenticated users to read arbitrary files by utilizing a .. (dot dot) in the page parameter to specific API endpoints, such as "helppage.php" or "user/helppage.php".

Recommendations For versions prior to X5.1, update to version X5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the helppage.php and user/helppage.php endpoints until a patch is available. Avoid using the page parameter in these affected API endpoints until the issue is resolved.