AutoFORM PDM Archive Multiple Security Vulnerabilities
BID:53716
Info
AutoFORM PDM Archive Multiple Security Vulnerabilities
| Bugtraq ID: | 53716 |
| Class: | Unknown |
| CVE: |
CVE-2012-1827 CVE-2012-1828 CVE-2012-1829 |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2012 12:00AM |
| Updated: | May 29 2012 12:00AM |
| Credit: | David Elze of Daimler TSS |
| Vulnerable: |
EFS Technology AutoFORM PDM 0 |
| Not Vulnerable: |
EFS Technology AutoFORM PDM 6.9.20 EFS Technology AutoFORM PDM 7.1 EFS Technology AutoFORM PDM 7.0 |
Discussion
AutoFORM PDM Archive Multiple Security Vulnerabilities
AutoFORM PDM Archive is prone to multiple security vulnerabilities:
1. An access-bypass vulnerability
2. A privilege-escalation vulnerability
3. A command-execution vulnerability
4. A cross-site request-forgery vulnerability
Attackers can exploit these issues to perform unauthorized actions in the context of a user's
session, to obtain sensitive information, to execute arbitrary code, to elevate privileges, or to cause a denial-of-service condition.
AutoFORM PDM Archive is prone to multiple security vulnerabilities:
1. An access-bypass vulnerability
2. A privilege-escalation vulnerability
3. A command-execution vulnerability
4. A cross-site request-forgery vulnerability
Attackers can exploit these issues to perform unauthorized actions in the context of a user's
session, to obtain sensitive information, to execute arbitrary code, to elevate privileges, or to cause a denial-of-service condition.
Exploit / POC
AutoFORM PDM Archive Multiple Security Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
AutoFORM PDM Archive Multiple Security Vulnerabilities
Solution:
The vendor released an update to address these issues. Please see the references for more information.
Solution:
The vendor released an update to address these issues. Please see the references for more information.
References
AutoFORM PDM Archive Multiple Security Vulnerabilities
References:
References:
- AutoFORM PDM Archive Homepage (EFS Technology)
- VU#773035: AutoFORM PDM Archive contains multiple vulnerabilities (US-CERT)