We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in RecoveryManager Plus. This article provides more information on the issue and how to resolve it.
An authentication bypass vulnerability affecting REST API URLs.
This is a critical issue.
RecoveryManager Plus builds up to 6041 are affected.
This vulnerability allows attackers to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. This would allow the attacker to carry out subsequent attacks.
This vulnerability can be exploited in unpatched RecoveryManager Plus installations. We recommend you update RecoveryManager Plus to the latest build (6402) using the service pack as soon as possible.
If you need further information, have any questions, or face any difficulties updating RecoveryManager Plus, please get in touch with us at email@example.com, or 1-888-720-9500 (toll free).
Need further assistance? Fill this form, and we'll contact you rightaway.