You are here

V-022: Attachmate Reflection Products Java Multiple Vulnerabilities

November 13, 2012 - 1:00am

Addthis

PROBLEM:

Attachmate Reflection Products Java Multiple Vulnerabilities

PLATFORM:

Reflection X 2011
Reflection Suite for X 2011
Reflection for Secure IT Server for Windows
Reflection for Secure IT Client and Server for UNIX

ABSTRACT:

Security issues related to Reflection PKI Services Manager

REFERENCE LINKS:

PKI Services Manager Technical Note 2560
Secunia Advisory SA51256
CVE-2012-0551
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1720
CVE-2012-1721
CVE-2012-1722
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
CVE-2012-1726

IMPACT ASSESSMENT:

High

DISCUSSION:

Attachmate has acknowledged multiple vulnerabilities in some Reflection products, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

IMPACT:

Cross Site Scripting
Manipulation of data
Exposure of sensitive information
DoS
System access from remote

SOLUTION:

Apply Service Pack 1

 

 

Addthis