CVE-2014-0607 – Attachmate Verastream Process Designer Process Server Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-0607

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file. Vulnerabilidad de subida de ficheros sin restricciones en Attachmate Verastream Process Designer (VPD) anterior a R6 SP1 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario mediante la subida y el lanzamiento de un fichero ejecutable. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Verastream Process Designer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the 'DeploymentService' Axis web service. This web service is not protected by authentication requirements and suffers from a directory traversal vulnerability. • http://support.attachmate.com/techdocs/2700.html •