IWX-CVE-2022-8470 (2022-04-09)
==============================

At approximately 00:41 Eastern, April 9, 2022, security researchers disclosed a new vulnerability in the InterWorx SiteWorx Interactive Command Line tool. By modifying a temp file while a multi-line text editor is open, InterWorx could be fooled into reading a different file. Depending on the file in question, disclosure of sensitive information could enable follow-up attacks beyond the initial data leak.

At approximately 19:30 Eastern, April 9, 2022, InterWorx released hotfixes to correct this vulnerability.

.. contents::

Affected InterWorx Versions
---------------------------

- All InterWorx 6 <= 6.12.2
- All InterWorx 7 <= 7.9.9

Fixed in Versions
-----------------

- 7.10.0
- 6.12.x (TBD)

Hotfixes Available
------------------

- interworx-hotfix-6.1.26.1577-14
- interworx-hotfix-6.1.26.1626-127
- interworx-hotfix-6.10.1.1856-29
- interworx-hotfix-6.11.1.1929-4
- interworx-hotfix-6.11.2.1931-5
- interworx-hotfix-6.12.0.1943-16
- interworx-hotfix-6.12.1.1964-4
- interworx-hotfix-6.12.2.1984-7
- interworx-hotfix-6.9.0.1810-35
- interworx-hotfix-7.4.1.1851-13
- interworx-hotfix-7.9.3.1969-4
- interworx-hotfix-7.9.6.1987-4
- interworx-hotfix-7.9.7.1991-4
- interworx-hotfix-7.9.8.2025-2

Installation and Verification
-----------------------------

On a standard InterWorx installation, hotfixes are automatically applied every 6 hours.

To verify whether a system has been patched:

#. Log in to the server at the CLI as root, either via SSH or from the terminal.

#. At the CLI, run the following command, and compare the output to the list above:

   .. code-block::

      rpm -q interworx-hotfix

#. If the version listed in the command output is not in the list above, run the following to attempt to install the latest hotfix:

   .. code-block::

      ~iworx/bin/hotfix.pex --install --force

#. Check the list again:

   .. code-block::

      rpm -q interworx-hotfix

If the hotfix version in the command output is still not one found in the above list, please :doc:`enable Remote Assistance ` and then `open a support ticket with InterWorx support `__.
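
The comparison in the verification steps above can be scripted for use across many servers. The following is an added example, not InterWorx code: the function names and the ``--check`` argument are hypothetical, and it assumes ``rpm -q`` prints a listed build name either exactly or followed by a ``.``-separated dist/arch suffix.

```shell
# Added example (not InterWorx code): compare the installed hotfix package
# against the fixed builds listed in this advisory.

FIXED_HOTFIXES="
interworx-hotfix-6.1.26.1577-14
interworx-hotfix-6.1.26.1626-127
interworx-hotfix-6.10.1.1856-29
interworx-hotfix-6.11.1.1929-4
interworx-hotfix-6.11.2.1931-5
interworx-hotfix-6.12.0.1943-16
interworx-hotfix-6.12.1.1964-4
interworx-hotfix-6.12.2.1984-7
interworx-hotfix-6.9.0.1810-35
interworx-hotfix-7.4.1.1851-13
interworx-hotfix-7.9.3.1969-4
interworx-hotfix-7.9.6.1987-4
interworx-hotfix-7.9.7.1991-4
interworx-hotfix-7.9.8.2025-2
"

# is_fixed_hotfix PKG: return 0 if PKG is a listed build, exactly or with a
# ".suffix" appended (assumption); "-7" must not match a different release "-70".
is_fixed_hotfix() {
    pkg=$1
    for name in $FIXED_HOTFIXES; do
        case "$pkg" in
            "$name"|"$name".*) return 0 ;;
        esac
    done
    return 1
}

# check_host: query the local RPM database. Returns 0 patched, 1 not, 2 unknown.
check_host() {
    installed=$(rpm -q interworx-hotfix 2>/dev/null) || {
        echo "UNKNOWN: interworx-hotfix is not installed"; return 2; }
    if is_fixed_hotfix "$installed"; then echo "PATCHED: $installed"; return 0; fi
    echo "NOT PATCHED: $installed"
    return 1
}

# Hypothetical entry point: only touch rpm when explicitly asked to.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A result of ``NOT PATCHED`` corresponds to the step above that runs ``~iworx/bin/hotfix.pex --install --force`` before checking again.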