Monday, December 15, 2014
Updates on CVE-2014-9113 and CVE-2014-9141
Quick update on the two CVE's that were published recently:
CVE-2014-9113
A security update has been released on 12/03/2014 to address the vulnerability in CCH Wolters Kluwer ProSystem fx Engagement. This update corrects the permissions on necessary application services. Please see the online release bulletin for instructions on how to apply the security update.
https://support.cch.com/updates/Engagement/pdf/Services%20Security%20Update%20-%20Release%20Bulletin%20-%20US.pdf
CVE-2014-9141
Contact with vendor has been made. Formal acknowledgement of the issue has not occurred. Detailed documentation of the vulnerability was provided. Documentation demonstrated successful exploitation using the standard installer package and instructions.
Thomson Reuters has changed the support person responsible but have not heard from the newly assigned personnel. Follow up has been requested several times, no change in status since initial report
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment