{"vuid":"VU#436214","idnumber":"436214","name":"Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution","keywords":["attachmate","file upload","cwe-22","VHI"],"overview":"The Attachmate Verastream Host Integrator (VHI) is vulnerable to arbitrary file uploads and execution.","clean_desc":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-3626\nThe Attachmate VHI Session Server, on all platforms, allows unauthenticated remote attackers to write arbitrary files on the machine in which the product is installed by sending a specially crafted message to the VHI Session Server. The affected versions are: 7.5 SP 1 HF 1\n7.5 SP 1\n7.5\n7.1 SP 2 HF 1 - 6\n7.1 SP 2\n7.1 SP 1\n7.1\n7.0\n6.6\n6.5\n6.0","impact":"An attacker may be able to gain complete control of the server on which the application is installed.","resolution":"Apply a Hotfix\nAttachmate has released a hotfix to address this issue while a patch is being developed. \nThe hotfix can be found at: http://support.attachmate.com/techdocs/2700.html","workarounds":"","sysaffected":"","thanks":"Thanks to Arnold Geels of Attachmate for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://cwe.mitre.org/data/definitions/22.html","http://support.attachmate.com/techdocs/2700.html"],"cveids":["CVE-2013-3626"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-09-23T12:27:20Z","publicdate":"2013-11-04T00:00:00Z","datefirstpublished":"2013-11-04T21:44:30Z","dateupdated":"2013-11-19T22:40:29Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"TF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.5","cvss_environmentalscore":"1.8897647328","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}