Issue
A security vulnerability relating to the Synergetic Community Portal was very recently identified. With the right technical knowledge and under certain conditions, it may be possible for someone who is logged in to the Portal to gain access to information which they would not usually have access to. A small number of Synergetic clients running v70.08 or below may have been affected and each client has been contacted and priority support provided with the patch.
Fix
A critical hotfix was created through an update to a core Community Portal binary file Synergetic.SynComPort.Web.dll. The file must be replaced with the fixed version, then the IIS website application pool recycled for the new dll to be applied.
The file replacement and application pool restart will lead to a brief outage of the Community Portal service which is estimated to be a few seconds. Anyone already connected to the Community Portal during this time will have their session dropped and will be able to log in again once the website application pool restarts. This patch does not require any downtime for other Synergetic products.
Due to increased usage period of Community Portal b
Affected and Fixed File Versions
| Version | Fixed |
|---|---|
| v70.01 | 70.1.1.17719 |
| v70.02 | 70.2.1.19911 |
| v70.03 | 70.3.1.21317 |
| v70.04 | 70.4.1.23212 |
| v70.05 | 70.5.1.25816 |
| v70.06 | 70.6.1.26911 |
| v70.07 | 70.7.1.31516 |
| v70.08 | 70.7.2.31809 |
Outcome
Once complete, the reported security vulnerability will be removed.