SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Attachmate Verastream Vendors:   AttachmateWRQ
Attachmate Verastream Process Designer File Upload Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1030691
SecurityTracker URL:  http://securitytracker.com/id/1030691
CVE Reference:   CVE-2014-0607   (Links to External Site)
Date:  Aug 7 2014
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): VPD R6 SP1 and prior
Description:   A vulnerability was reported in Attachmate Verastream Process Designer. A remote user can upload arbitrary files to execute arbitrary code on the target system.

No details were provided.

Andrea Micalizzi, aka rgod, reported this vulnerability (via HP's Zero Day Initiative).

Impact:   A remote user can upload arbitrary files to execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (R6 SP1 Hotfix 1 (build 1010)) [in July 2014].

The vendor's advisory is available at:

http://support.attachmate.com/techdocs/2700.html

Vendor URL:  support.attachmate.com/techdocs/2700.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (Solaris - SunOS), Windows (2008), Windows (2012), Windows (7), Windows (8)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC