CVE-2007-5289
CVE-2007-5289 is a vulnerability of currently unknown severity. HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only. EPSS estimates an 8.68% chance of exploitation in the next 30 days.
Description
HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| HP | Mercury Quality Center | <= 9.2 |
| HP | Mercury Quality Center | 8.0 |
| HP | Mercury Quality Center | 8.2 |
| HP | Mercury Quality Center | 9.0 |
| HP | TestDirector | All versions |
References
- http://secunia.com/advisories/34015 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/898865 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
