|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
WebIntelligence contains a flaw that may allow a malicious user to delete arbitrary documents. The issue is triggered when authennticated user without delete permission accesses specially crafted URL containing docuement ID and name. It is possible that the flaw may allow document deletion resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patches to address this vulnerability.
WebIntelligence 2.7.0 - 2.7.2 & InfoView 5.1.4 - 5.1.6 (SP4-SP6)
Upgrade to SP7 or SP8 and apply available patches
WebIntelligence 2.7.3 & InfoView 5.1.7 (SP7)
Download the update for Windows, Windows JP,Sun, AIX, & HP (CSP860)
WebIntelligence 2.7.4 & InfoView 5.1.8 (SP8)
Download the update for Windows, Windows JP,Sun, AIX, & HP (CSP864)
|
|
Products |
|
WebIntelligence
 |
2.7.4 |
|
|
|
|
Credit |
- Stephen de Vries - stephen
 corsaire.com - Corsaire
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
