Latest post Wed, Jul 15 2015 4:31 AM by mariosahertian. 6 replies.
  • Sun, Jul 12 2015 5:31 AM

    High Risk Vulnerability in MediaCentral & iNews server

    Hello all..

    I'm a security researcher and I'm working at a news company that uses Avid systems (Media Composer, MediaCentral, iNews, Interplay, ISIS etc). As a security researcher, my concern is whether these systems are safe or not.

    I'm doing a penetration test of Avid products that use web-based applications, and I found a High Risk Vulnerability in MediaCentral and iNews server. I was able to exploit the vulnerability and read restricted files on servers and also gain access to the server. In the ISIS Storage Manager web-based application I found a Cross Site Scripting (XSS) vulnerability.

    I would like to discuss the vulnerability details with an Avid engineer or developer. Can I post the proof of concept here, or should it be in private?

    Sorry for my bad English. Thank you.

  • Sun, Jul 12 2015 6:01 AM In reply to

    Re: High Risk Vulnerability in MediaCentral & iNews server

    mariosahertian:
    Can I post the proof of concept here, or should it be in private?

    I forwarded a link to this post to Marianna Montague at Avid.  If you don't hear from her in a day or two, you can email her at marianna.montague@avid.com.  She is Avid's customer advocate, and can get your information to the right people.

    Carl Amoscato | Freelance Film & Video Editor | London, UK

  • Sun, Jul 12 2015 6:12 AM In reply to

    Re: High Risk Vulnerability in MediaCentral & iNews server

    Thank you for the fast response, camoscato. I'll wait a day or two; if there is no response from her, I'll send an email.

  • Mon, Jul 13 2015 8:45 PM In reply to

    • Marianna
    • Top 25 Contributor
    • Joined on Thu, Oct 13 2005
    • Avid
    • Posts 10,018
    • Points 215,715
    • Avid Beta Moderators
      Avid Customer Advocate
      Avid Developer Moderator
      BlogAuthor
      SystemAdministrator

    Re: High Risk Vulnerability in MediaCentral & iNews server

    Mario

    Have you spoken with support directly?

    Email me off forum.... all the info and specs

    Marianna

    Director of Online Communities and Forums/Customer Advocate

    marianna.montague@avid.com

    mobile 813-493-6800

    Twitter:  avidmarianna

    Facebook: Marianna Montague

    www.avidcustomerassociation.com   |  Connect 2019 | April 6-7 | Aria, Las Vegas, NV

    WWLD

  • Tue, Jul 14 2015 5:28 AM In reply to

    Re: High Risk Vulnerability in MediaCentral & iNews server

    Email sent. Have you received it?

  • Tue, Jul 14 2015 4:02 PM In reply to

    Re: High Risk Vulnerability in MediaCentral & iNews server

    Just got it... I get a few thousand a day so I work one by one to chip away.

    I am going to read it now

    Marianna

  • Wed, Jul 15 2015 4:31 AM In reply to

    Re: High Risk Vulnerability in MediaCentral & iNews server

    Ok. I'll wait for your response.

    Thank you, Marianna.
