# Software Engineering Institute

## CERT Coordination Center

### Solution

 Upgrade to the latest version of the softwareVersion 4.14 of the ScriptLogic software has been tested by the CERT/CC and shown not to contain the vulnerability. Users of potentially vulnerable versions of the software are encouraged to upgrade to this version.

813737

### ScriptLogic Corporation Affected

Notified:  October 21, 2002 Updated: April 30, 2003

Affected

### Vendor Statement

ScriptLogic Corporation does not agree with CERT/CC’s assessment and does not consider this to be a vulnerability. Additionally, ScriptLogic has never received any reports from customers regarding this alleged vulnerability in any version of the software.

ScriptLogic agrees with CERT’s assessment that version 4.14 of ScriptLogic does not contain this alleged vulnerability.

ScriptLogic encourages all customers to use the most current version of the software. The current version is available for download at the ScriptLogic web support center located at http://www.scriptlogic.com/support/scriptlogic/sl40/default.asp.

### Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

### CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

### Acknowledgements

This document was written by Chad R Dougherty. Technical assistance during testing was provided by Art Manion and Matt Lytle. The CERT/CC appreciates ScriptLogic, Inc.'s cooperation in providing an updated copy of the software for the purpose of vulnerability testing.

### Other Information

 CVE IDs: None Severity Metric: 1.26 Date Public: 2003-04-30 Date First Published: 2003-04-30 Date Last Updated: 2003-05-01 18:04 UTC Document Revision: 30