GRAU DATA Security Bulletin
Security Updated Available for Blocky
Date Published: June 25, 2024
GRAU DATA GmbH
info@graudata.com
Summary
GRAU DATA has released a security update for Blocky. This update addresses several vulnerabilities.
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Blocky | Version 2.6.x and 2.7.x | Windows |
Solution
GRAU DATA recommends users update their installation to the newest version:
| Product | Version | Platform | Availability |
|---|---|---|---|
| Blocky | Version 3.1 | Windows | support@graudata.com |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| CWE-257: Storing Passwords in a Recoverable Format | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42012 |
| CWE-602: Client-Side Enforcement of Server-Side Security | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42013 |
Acknowledgments
GRAU DATA would like to thank the following Initiative for reporting the relevant issues and for working with GRAU DATA to help protect our customers:
• Wolfgang Neufeld, ETAS GmbH – CVE-2024-42012, CVE-2024-42013
Erfahren Sie mehr über uns
Blocky for Veeam® wurde von GRAU DATA entwickelt. GRAU DATA ist der Spezialist für Datenarchivierung, Data Protection & Metadata-Mining. GRAU DATA ist ein mittelständisches Unternehmen mit Sitz in Schwäbisch Gmünd bei Stuttgart. Eine starke Entwicklungsmannschaft sorgt für innovative Software-Lösungen.
