SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system.
SearchBlox versions 7.4 Build 1 and older contain multiple vulnerabilities that allow an unauthenticated attacker to compromise the integrity of the system and the confidentiality of its data. Specifically:
CWE-77: Command Injection - CVE-2013-3590
An unauthenticated remote attacker could compromise the confidentiality of the system's data, perform arbitrary code execution, overwrite data on the filesystem with the application's privileges, and compromise the availability of the system.
Apply an Update
Thanks to Ricky Roane Jr. for reporting this vulnerability.
This document was written by Todd Lewellen.