Problem
A critical security vulnerability, PBA-46481, was found in Parallels Business Automation 5.x for Linux.
This vulnerability allows a remote attacker to read files on the PBA application server.
This KB article specifies the exact steps you need to follow to protect your system.
The fix applies rewrite rules that prevent malicious URLs from being passed to the application.
The complete fix is released with the PBA 5.4.13 update.
Note: Parallels Business Automation 5.x for Windows environments are not affected.
To install this hotfix, perform the following steps:
1. Log in to PBA application server as user root.
2. Change directory:
3. Run configuration script:
4. Verify that the hotfix was installed. The script output (or /usr/local/bm/log/pba_hotfixes.log) should contain the following:
[DATE] Downloading pba-hf115840.sh ... [DONE]
[DATE] Installing hotfix "PBA 5.4 HF 115840" ... [DONE]
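One way to script the step 4 check, for example when confirming the hotfix on several application servers (an added example, not part of the original article or of Parallels tooling). It assumes real log lines follow the format shown above with [DATE] replaced by a timestamp; the function names and status words are hypothetical.

```shell
# Added example: confirm that "PBA 5.4 HF 115840" finished installing.
# Assumption: log lines look like the ones in step 4, with [DATE] replaced
# by a timestamp. Any status other than [DONE] is treated as not installed.

HOTFIX_NAME='PBA 5.4 HF 115840'
HOTFIX_LOG_DEFAULT='/usr/local/bm/log/pba_hotfixes.log'

# Prints one status word; returns 0 only when the most recent
# "Installing hotfix" line for HOTFIX_NAME ends in [DONE].
check_hotfix() {
    log="${1:-$HOTFIX_LOG_DEFAULT}"
    if [ ! -r "$log" ]; then
        echo "no-log"
        return 2
    fi
    # Fixed-string match: quotes and dots must not be read as a regex.
    # Only the last attempt counts, so a later failed run is not masked
    # by an earlier success (and vice versa).
    last=$(grep -F "Installing hotfix \"$HOTFIX_NAME\"" "$log" | tail -n 1) || true
    if [ -z "$last" ]; then
        echo "not-attempted"
        return 1
    fi
    case "$last" in
        *'... [DONE]'*) echo "installed";  return 0 ;;
        *)              echo "incomplete"; return 1 ;;
    esac
}

# Constructed sample log (timestamps invented) for trying the check offline.
# Prints the path of the temporary file it creates.
demo_sample_log() {
    f=$(mktemp)
    printf '%s\n' \
        '[2014-01-01 10:00:00] Downloading pba-hf115840.sh ... [DONE]' \
        '[2014-01-01 10:00:05] Installing hotfix "PBA 5.4 HF 115840" ... [DONE]' \
        > "$f"
    echo "$f"
}
```

Call `check_hotfix` with no argument on the application server to read the default log path, or pass a copied log file as the first argument.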
Q1. Will hotfix installation cause downtime of any services?
A1. Only the Apache service will be restarted on the PBA application server during hotfix installation.
Q2. What exactly will be installed by running the configure.pl script - only required hotfix or something else?
A2. There is a very small chance that something other than the required hotfix will be installed. A particular update may have other hotfixes; for example, PBA 5.4.9 has hotfix KB 115304, which should already be installed.