CVE-2007-5289

NONECVSS 0.0

0.0

HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only.

🔗 References (16)

cve@mitrehttp://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/
cve@mitrehttp://secunia.com/advisories/34015
cve@mitrehttp://secunia.com/advisories/34046
cve@mitrehttp://www.kb.cert.org/vuls/id/898865
cve@mitrehttp://www.securityfocus.com/archive/1/501177/100/0/threaded
cve@mitrehttp://www.securityfocus.com/archive/1/501219/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/33854
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/48860
af854a3a-2127-422b-91ae-364da2661108http://blogs.exposit.co.uk/2009/02/23/vulnerability-in-quality-center/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34015
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34046
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/898865
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501177/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501219/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33854

Is Your Infrastructure Affected by CVE-2007-5289?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-5289

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-5289?