Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting

[Stefano Zanero <s.zanero () securenetwork it>]

Dear all,

just in order to give complete information, after being contacted by the
vendor (thanks !) we can confirm the following version information:

> Systems affected: Plunet BusinessManager 4.1

Therefore, the vendor recommended fix is as follows:

> *** FIX INFORMATION ***

Upgrade Plunet BusinessManager to the latest available version, and in
any case to a version >=4.2

Our advisory has been updated to reflect this new information:
http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt

For the records, what apparently happened is that our first advisory was
correctly received and immediately acted upon by the vendor, but we
never received an acknowledgment and fix information afterwards for some
communication mishap. Our later contact attempts did not apparently
reach the appropriate person(s) inside the company.

We thank the vendor for working with us on this.

Best regards,
Stefano Zanero