Riverbed Technology, Inc. is an American IT company that develops products to improve application performance across wide area networks (WANs), a technique known as WAN optimization.
Its products reduce latency and bandwidth constraints in delivering applications via WANs to multiple locations across long distances. It also develops products to support network and application performance management.
The Security Researchers at Digital Defence have found 4 severe vulnerabilities in the SteelCentral Portal application of the Riverbed Technologies which is one of the leading company in the USA.
Digital Defence Security Research released a post today explaining the vulnerability in the application.
The vulnerability allows an attacker to run an arbitrary code with system privileges however only two out of the four vulnerabilities have such flaw.
“We found a number of methods to bypass access restrictions and take control of appliances from the network,” said Mike Cotton, vice president of research and development at Digital Defense.
The vulnerabilities are said to be present in 1.3.1 and 1.4.0 versions of the software.
The two of the vulnerabilities allowed the remote code execution, provided complete host compromise and Full compromise of all connected SteelCentral data sources.
One vulnerability was Unauthenticated File Upload Remote Code Execution in UploadImageServlet and the other one was Unauthenticated Remote Code Execution via H2 Web Console.
The other two discloses the information via DataSourceService Servlet and roleService Web Service respectively.
However, the Hacker should be present in the network to exploit the vulnerabilities.
Riverbed Technology has already been addressed of the flaws by the Digital Defence Team in the month of January.
The users don’t have to worry as the flaw has been already fixed last week for the software.
Riverbed Technology products are used by more than 90 percent of the Global 500 and according to the vendor’s websites, some SteelCentral customers include TMobile, Michelin, Colgate University and Turner Broadcasting.
Please consider downloading Brave Browser by downloading Brave Browser through our website you won’t only be downloading a great privacy browser you will also be supporting (HackingVision.com). We are not using Google Ads as we respect our users privacy. We encourage you to use an Ad-blocker or a browser that has a built in ad-blocker and other privacy features such as VPN.
- Making Yourself A Free Text To Speech Program In Linux in 5 Minutes! - 27th February 2018
- Norway Healthcare Data Breach, Up to 2.9 Million People Affected - 22nd January 2018
- OnePlus Hacked: 40,000 Customers Affected by the Hack - 21st January 2018