Arbitrary Code Execution Risk in HP Mercury Quality Center and TestDirector
CVE-2007-5289

Currently unrated

Key Information:

Vendor

HP
Status
Mercury Quality Center
Testdirector
Vendor
CVE Published:
24 February 2009

What is CVE-2007-5289?

HP Mercury Quality Center versions 9.2 and earlier, along with TestDirector, contain a vulnerability that exploits the reliance on cached client-side scripts to manage user workflows and access capabilities. By leveraging the Open Test Architecture (OTA) API, an attacker can manipulate specific files including common.tds, defects.tds, manrun.tds, req.tds, testlab.tds, and testplan.tds located in the temporary directory. Setting these files to read-only can facilitate unauthorized remote code execution, posing significant risks to system integrity and data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/34046
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/501177/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/33854
vdb-entryx_refsource_BID

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.