Home
affected
Description
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
Problem types
CWE-434 Unrestricted Upload of File with Dangerous Type
Product status
References
www.kb.cert.org/vuls/id/317469
partnersoftware.com/resources/software-release-info-4-32/