Unauthorized Viewing Access To Sensitive Information

This document explains the vulnerability that lets unauthorized user (Guest user) to view sensitive information in Remote Access Plus.

Vulnerability ID : CVE-2022-26653
Vulnerability Update Release build : 10.1.2137.15
Update Release Date : 08th April, 2022
Reported by: Matt

What was the problem?

This vulnerability lets unauthorized user (Guest user) to view sensitive information, such as, the domain's administrative user, GUID, etc., in Remote Access Plus.

How was the issue resolved?

From now on, only administrators can access the domain API enabling only them to view those sensitive information.

How can you fix it?

The issue has been resolved and the relevant fixes are available in the latest Remote Access Plus build. Visit the Remote Access Plus service packs page, download the latest PPM and update.

Keywords: Privilege escalation, Security Updates, Vulnerabilities and Fixes.

Note: This issue is not applicable to Remote Access Plus Cloud.