icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities

Medium

Synopsis

The remote web server is hosting a web application that is affected by multiple security bypass vulnerabilities.

Description

The remote web server is hosting Syncrify, a web-based incremental backup application.

Versions of Syncrify earlier than 2.1 Build 420 are potentially affected by multiple security bypass vulnerabilities :

- The application fails to restrict access to the password management page and allows users to change the administrator's password by directly accessing that page.

- It is possible for users to browse and download unauthorized files by accessing them directly.

Solution

Upgrade to Syncrify 2.1 Build 420 or later.