VISAM Automation Base (VBASE) (ICSA-20-084-01)

CISA has published an advisory on relative path traversal, incorrect default permissions, inadequate encryption strength, insecure storage of sensitive information, and stack-based buffer overflow vulnerabilities in VISAM Automation Base (VBASE). VBASE Editor, version 11.5.0.2 and VBASE Web-Remote Module are affected. Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login. VISAM has not yet responded to provide mitigations for these vulnerabilities. In the meantime, CISA recommends a series of defensive measures to minimize the risk of exploitation of the vulnerabilities. Read the advisory at CISA.