cache-news wrote:
> InterSystems has encountered a critical issue with a number of Cache'
> classes which could allow an attacker to access data on a Cache' server.

For the purpose of this discussion, is it correct to say that any Cache'
system with a database mounted is a server?

> This vulnerability is in classes that are not required on production
> systems and are only used during development. Removing them will have no
> impact on a production system.

And what about development/test systems?
Are they vulnerable but will feel the impact?

Also, the alert says to delete just *.CSP, but is it fine to delete the
entire directories <cachesys>/dev and ./devuser on production systems?

> InterSystems is working on a solution to remove this vulnerability from
> future versions.

I would like to have the vulnerability explained so that
(1) I can assess the threat to non-production systems; and
(2) I can avoid making a similar vulnerability in my code.