GRAU DATA Security Bulletin
Security Updated Available for Blocky
Date Published: June 25, 2024
Security Updated Available for Blocky
Date Published: June 25, 2024
GRAU DATA has released a security update for Blocky. This update addresses several vulnerabilities.
| Product | Version | Platform | 
|---|---|---|
| Blocky | Version 2.6.x and 2.7.x | Windows | 
GRAU DATA recommends users update their installation to the newest version. Request update here.
| Product | Version | Platform | 
|---|---|---|
| Blocky | Version 3.1 | Windows | 
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers | 
|---|---|---|---|---|---|
| CWE-257: Storing Passwords in a Recoverable Format | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42012 | 
| CWE-602: Client-Side Enforcement of Server-Side Security | Local privilege escalation | Low | 3.9 | CVSS:3.1/AV:L /AC:H/PR:H/U I:N/S:U/C:L/I: L/A:L | CVE-2024- 42013 | 
GRAU DATA would like to thank the following Initiative for reporting the relevant issues and for working with GRAU DATA to help protect our customers:
• Wolfgang Neufeld, ETAS GmbH – CVE-2024-42012, CVE-2024-42013
Blocky for Veeam® was developed by GRAU DATA. GRAU DATA specialises in data archiving, data protection and metadata mining.