Rocket BlueZone Security Annoucement

The Rocket Software development team has just released an update to fix vulnerabilities within the scripting components of the BlueZone Desktop and Web-to-Host products. Buffer overflows and other vulnerabilities were identified that could allow threat actors to run malicious code or otherwise compromise the system. The findings are remediated with these updates.

All supported versions of BlueZone components are affected.

Fixes for releases 6.1.9 and 6.2.3 are available by request from the Rocket Customer Portal.

Rocket would like to thank an anonymous researcher, working with Beyond Security's SecuriTeam Secure Disclosure project, for identifying the referenced vulnerabilities and notifying Rocket.