Thomson Reuters Information for VU#893462

Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

For customers who have TREP-VA deployed on platforms which are in trusted networks and do not allow inbound connections from untrusted networks, the http interface would not be vulnerable.

Vendor References

https://customers.reuters.com/a/support/technical/softwaredownload/download.aspx?productVersionReleaseId=20287

https://customers.reuters.com/a/support/paz/Default.aspx?pId=9117

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.