SB2017073103 - Two vulnerabilities in PDQ products
Published: July 31, 2017
Security Bulletin ID
SB2017073103
Severity
High
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2017-9630)
The vulnerability allows remote attacker to bypass authentication on the target system.The weakness exists due to improper authentication. A remote attacker can bypass authentication and gain access to the system.
2) Information disclosure (CVE-ID: CVE-2017-9632)
The vulnerability allows remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to insecure transmission of the provided username and password. A remote attacker can disclose arbitrary files on the system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.