Vulnerability Note VU#436214
Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution
The Attachmate Verastream Host Integrator (VHI) is vulnerable to arbitrary file uploads and execution.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-3626
The Attachmate VHI Session Server, on all platforms, allows unauthenticated remote attackers to write arbitrary files on the machine in which the product is installed by sending a specially crafted message to the VHI Session Server. The affected versions are:
An attacker may be able to gain complete control of the server on which the application is installed.
Apply a Hotfix
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Attachmate||Affected||02 Oct 2013||10 Oct 2013|
CVSS Metrics (Learn More)
Thanks to Arnold Geels of Attachmate for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2013-3626
- Date Public: 04 Nov 2013
- Date First Published: 04 Nov 2013
- Date Last Updated: 19 Nov 2013
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.