Critical RCE vulnerability discovered in Perforce Helix Core Server

Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more.

Perforce Server customers are strongly urged to update to version 2023.1/2513900. The most critical of the four vulnerabilities has a CVSS score of 10.0 because it allows for arbitrary remote code execution as LocalSystem by unauthenticated remote attackers.

Read more…
Source: Microsoft