GRAU DATA Security Bulletin
Security Updated Available for Blocky
Date Published: June 25, 2024
GRAU DATA GmbH
info@graudata.com
Summary
GRAU DATA has released a security update for Blocky. This update addresses several vulnerabilities.
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Blocky | Version 2.6.x and 2.7.x | Windows |
Solution
GRAU DATA recommends users update their installation to the newest version. Request update here.
| Product | Version | Platform |
|---|---|---|
| Blocky | Version 3.1 | Windows |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| CWE-257: Storing Passwords in a Recoverable Format | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42012 |
| CWE-602: Client-Side Enforcement of Server-Side Security | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42013 |
Acknowledgments
GRAU DATA would like to thank the following Initiative for reporting the relevant issues and for working with GRAU DATA to help protect our customers:
• Wolfgang Neufeld, ETAS GmbH – CVE-2024-42012, CVE-2024-42013
Learn more about us
Blocky for Veeam® was developed by GRAU DATA. GRAU DATA specialises in data archiving, data protection and metadata mining. GRAU DATA is a medium-sized company based in Schwäbisch Gmünd near Stuttgart. A strong development team provides innovative software solutions.
