Vulnerability Note VU#773035
AutoFORM PDM Archive contains multiple vulnerabilities
AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application.
According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document creation, design and electronic distribution with a fully integrated online document archiving and viewing system. AutoFORM PDM Archive software contains multiple vulnerabilities.
CWE-648: Incorrect Use of Privileged APIs CVE-2012-1827:
CWE-287: Improper Authentication CVE-2012-1828:
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2012-1829:
A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition or execute arbitrary code with the privileges of the application.
Apply an Update
Issue 1 is fixed in AutoFORM PDM Archive 7.1 - released 4th May 2012.
Issue 2 is fixed in AutoFORM PDM Archive 7.1 - released 4th May 2012.
Issue 3 is fixed in AutoFORM PDM Archive 7.0 - released 9th November 2011.
Issue 4 is fixed in AutoFORM PDM Archive 6.920 - released 9th November 2010.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|EFS Technology||Affected||22 Feb 2012||10 May 2012|
CVSS Metrics (Learn More)
Thanks to David Elze of Daimler TSS GmbH for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-1827 CVE-2012-1828 CVE-2012-1829
- Date Public: 29 May 2012
- Date First Published: 29 May 2012
- Date Last Updated: 30 May 2012
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.