Cisco Collaboration Server (CCS) versions earlier than 5.0 ship with ServletExec versions that are vulnerable to attack where unauthorized users can upload any file and gain administrative privileges. The workaround is documented in the Workaround section below. Cisco has provided an automated script to remove this vulnerability from the CCS 4.x versions This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040630-CCS.