RHQ Mongo DB Drift Server vulnerability

Overview :

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.

Affected Product(s) :

RHQ Mongo DB Drift Server

Vulnerability Details :

CVE ID :	CVE-2013-4374
	A flaw was identified in how MongoDBDriftServer instances saved change sets. When unpacking a given zip file, the saveChangeSetFiles method creates and extracts to a predictable temporary directory. Once extracted all files in this directory are stored. This allows a local attacker to provide their own change set to be imported into the server instance.

Solution :
This depends mostly on the Impact of the vulnerability and the Life Cycle phase in which your product is currently in. Overall, you have the following options:

Upgrade to a supported product version that includes a fix for this vulnerability (recommended)
Apply a mitigation (if one exists)
Open a support case to request a prioritization of releasing a fix for this vulnerability

Contact us to get started

CVE-2023-32306 : TIME TRACKER UP TO 1.22.13.5791 REPORTS.PHP SQL INJECTION

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Learn more

CVE-2023-1834 : ROCKWELL AUTOMATION KINETIX 5500 7.13 TELNET/FTP ACCESS CONTROL

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Learn more

CVE-2023-2645 : USR USR-G806 1.0.41 WEB MANAGEMENT PAGE USERNAME/PASSWORD HARD-CODED PASSWORD

Description A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of

Learn more