DESlock+ Support DESlock+ Support
Knowledgebase
A vulnerability exists which could allow a remote attacker access to the Enterprise Server
Article ID: KB175 email a link to this article

A serious vulnerability has been discovered which allows a remote attacker access to an Enterprise Server and allows execution of arbitrary commands. This vulnerability can be exploited by any unauthenticated user.

The remote attacker could access or manipulate any database records, including the ability to create a new login with which to access the Enterprise Server console to perform commands.

It is highly recommended that you upgrade immediately to version 2.5.0 or later. If your Enterprise Server is public facing, then you should immediately disable access and use the Enterprise Server locally until it can be upgraded.

Download

Version 2.5.2 of the Enterprise Server can be downloaded here.

Affected Versions

Issue not present 2.3.2 (and earlier)
Issue present 2.3.3 to 2.4.5 (inclusive)
Issue resolved 2.5.0 (and later)

 

(0 vote(s))
Helpful
Not helpful