Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5671
SynopsisThe remote web server is hosting a web application that is affected by multiple security bypass vulnerabilities.
DescriptionThe remote web server is hosting Syncrify, a web-based incremental backup application.
Versions of Syncrify earlier than 2.1 Build 420 are potentially affected by multiple security bypass vulnerabilities :
- The application fails to restrict access to the password management page and allows users to change the administrator's password by directly accessing that page.
- It is possible for users to browse and download unauthorized files by accessing them directly.
SolutionUpgrade to Syncrify 2.1 Build 420 or later.