Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This vulnerability has been resolved as a part of 70.18

Issue

Under some circumstances, users may be able to see sensitive information which they should not have access to in SynWeb. 

Fix

A hotfix has been developed for 70.15 and 70.16 only.  

...

  1. Determine the version of Synergetic that you are running. To do this, go to SynWeb > Help > About and take note of the SynWeb Version.
  2. Download the relevant .zip file for your version from the list of files under the Resources section below.
  3. Copy the relevant zip file onto your web server.
  4. Open Internet Information Services (IIS)
  5. Navigate to "CoreAPI", right click and select the "Explore" option - This will open a directory of the Synergetic CoreAPI files. 
    1. Alternatively navigate to the directory path "inetpub\wwwroot\CoreAPI"
  6. Make a backup of the contents in the CoreAPI directory and put them in a safe place!
  7. Open the zip file and replace the content in the CoreAPI directory with the content in the zip file.

Outcome

Once complete, users will not be able to see sensitive information they do not have security access to.


Note: Please ensure you download the correct resource below.

Resources for 70.15

70-SynergeticCoreAPI.70.15.2-RC.20919.zip


Resources for 70.16

70-SynergeticCoreAPI.70.16.2-RC.24319.zip


Requesting Assistance

As always, if you have any further questions or concerns, our Support team is available to assist:

...