PT-2014-3705 · Attachmate · Attachmate Verastream Process Designer

Published

2014-07-24

Updated

2014-07-30

CVE-2014-0607

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Attachmate Verastream Process Designer versions prior to R6 SP1 Hotfix 1

Description The issue allows remote attackers to execute arbitrary code by uploading and launching an executable file due to an unrestricted file upload vulnerability.

Recommendations For versions prior to R6 SP1 Hotfix 1, update to R6 SP1 Hotfix 1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent the execution of arbitrary code.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-0607

ZDI-14-269

Affected Products

Attachmate Verastream Process Designer

PT-2014-3705 · Attachmate · Attachmate Verastream Process Designer

CVE-2014-0607

Related Identifiers

Affected Products

References · 3