Hillstone Networks

RULE（RULE ID：333356）

Rule General Information


Release Date:		2021-03-30

Rule Name:		Seeyon OA A8 htmlofficeservlet Arbitrary File Upload Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Seeyon OA A8 Collaborative management platform is a collaborative management software for medium and large enterprises. The htmlofficeservlet interface of Seeyon OA A8 V7.1, V7.0, V7.0sp1, V7.0sp2, V7.0sp3 has arbitrary file upload vulnerability. Ranged attackers in the case of without login can send/seeyon htmlofficeservlet carefully constructed a POST request, to write any target server files, after the success of the writing can perform any system command and control the target server.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81