Important Security Improvement: Update to Release Sprint 150 Required
Dear Customers,
As part of our continuous security reviews, a potential vulnerability was identified in the upload process. Under certain circumstances, and only with an active user login, it could allow the inclusion of local server files. This type of vulnerability (Local File Inclusion) can lead to unauthorized access to sensitive data.
What has been improved?
With Release Sprint 150, we have significantly tightened the upload validation to prevent manipulation of the file path. This measure protects your systems from attacks aimed at including local files.
Recommended Additional Security Measure
Please also check the server-side access control of the Application Pool User:
- The Application Pool User should have access only to the installation path of the application and to stored paths of the DMS profile.
- Review and optimize the permissions of the Application Pool User.
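
One way to carry out this review on the Windows host, as an added example that is not part of the original advisory or the vendor's tooling. The account name, the group list and every path below are placeholders (assumptions) to replace with your own values.

```powershell
# Added example: list where the Application Pool User (or a group it belongs to)
# holds NTFS "Allow" rights, and flag every location outside the permitted roots.
# All names and paths are placeholders, not values from the advisory.
$Identity     = 'IIS AppPool\ExampleAppPool'            # placeholder account name
$Principals   = @($Identity, 'BUILTIN\IIS_IUSRS')       # add groups the account is a member of
$AllowedRoots = @('D:\Apps\Example', 'E:\DmsProfile')   # installation path + DMS profile paths
$PathsToCheck = @('C:\Windows', 'C:\inetpub', 'D:\Apps',
                  'D:\Apps\Example', 'E:\DmsProfile', 'E:\Backups')

function Test-UnderAllowedRoot {
    param([string]$Path, [string[]]$Roots)
    # Normalise first so "D:\Apps\Example\..\Other" is not mistaken for an allowed path.
    $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    foreach ($root in $Roots) {
        $r = [System.IO.Path]::GetFullPath($root).TrimEnd('\')
        # Match the root itself or a real sub-directory ("D:\Apps\Example2" must not match).
        if ($full -ieq $r -or
            $full.StartsWith("$r\", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($path in $PathsToCheck) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # skip paths absent on this host
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Principals -notcontains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Expected  = Test-UnderAllowedRoot -Path $path -Roots $AllowedRoots
        }
    }
}

# Rows with Expected = False are the permissions to review and restrict.
$findings | Sort-Object Expected, Path | Format-Table -AutoSize
```

The script only reads ACLs and changes nothing. Rights granted through broad groups such as `Everyone` or `BUILTIN\Users` show up only if those names are added to `$Principals`.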
What do you need to do?
- Perform the update to Release Sprint 150.
- If necessary, restrict the permissions of the Application Pool User.
These measures help to increase the security of your environment and minimize risks.
If you have any questions or need assistance, please contact our support.