CHT Security Red Team Discovered Vulnerabilities in Well-Known OpenText PVCS Version Manager
Summary
Vulnerability List
[CVE-2024-1147] – Arbitrary File Download
[CVE-2024-1148] – Arbitrary File Upload
Details
1. Arbitrary File Download
Description
The download function allows attackers to download files from the server without proper authentication and input validation.
Impact
An attacker can download files from the target machine for further analysis, possibly exposing sensitive information or even leading to arbitrary code execution.
Known Affected Software
- Versions between 8.6.3 and 8.6.3.2.
Credits
- redblaze (CHT Security)
2. Arbitrary File Upload
Description
The upload function allows attackers to upload files to the server without proper authentication and input validation.
Impact
An attacker can upload malicious files to the target machine, achieving remote code execution.
Known Affected Software
- Versions between 8.6.3 and 8.6.3.2.
Credits
- redblaze (CHT Security)