Vulnerability Note VU#592942
SearchBlox contains multiple vulnerabilities
SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system.
SearchBlox versions 7.4 Build 1 and older contain multiple vulnerabilities that allow an unauthenticated attacker to compromise the integrity of the system and the confidentiality of its data. Specifically:
CWE-77: Command Injection - CVE-2013-3590
An unauthenticated remote attacker could compromise the confidentiality of the system's data, perform arbitrary code execution, overwrite data on the filesystem with the application's privileges, and compromise the availability of the system.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SearchBlox||Affected||26 Jun 2013||07 Aug 2013|
CVSS Metrics (Learn More)
Thanks to Ricky Roane Jr. for reporting this vulnerability.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2013-3590 CVE-2013-3597 CVE-2013-3598
- Date Public: 12 Aug 2013
- Date First Published: 23 Aug 2013
- Date Last Updated: 23 Aug 2013
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.