PT-2020-3924 · Yokogawa · CAMS for HIS B/M9000 VP +3
Ivan Kurnakov +1 · Published 2020-07-31 · Updated 2020-08-12 · CVE-2020-5609
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50
CAMS for HIS CENTUM VP versions R4.01.00 through R6.07.00
CAMS for HIS B/M9000CS versions R5.04.01 through R5.05.01
CAMS for HIS B/M9000 VP versions R6.01.01 through R8.03.01
Description:
The CAMS for HIS component contains a directory traversal vulnerability caused by inadequate path name checking. It allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
Recommendations:
For CAMS for HIS CENTUM CS 3000 versions R3.08.10 through R3.09.50, update to a version outside of this range to resolve the issue.
For CAMS for HIS CENTUM VP versions R4.01.00 through R6.07.00, update to a version outside of this range to resolve the issue.
For CAMS for HIS B/M9000CS versions R5.04.01 through R5.05.01, update to a version outside of this range to resolve the issue.
For CAMS for HIS B/M9000 VP versions R6.01.01 through R8.03.01, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the CAMS for HIS component to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
CAMS for HIS B/M9000 VP
CAMS for HIS B/M9000CS
CAMS for HIS CENTUM CS 3000
CAMS for HIS CENTUM VP