2022-09 - Security Hotfix for Application Portal product

Scope of vulnerability affected

The affected area is contained within the Application Portal product.

Issue

In our Application Portal product, under some circumstances, power users with extensive technical and Synergetic knowledge may be able to see sensitive information relating to the Application Portal which they should not be able to access under typical circumstances.

Fix

This vulnerability has been resolved as part of 70.18.

  • If you are running a version older than 70.15, we strongly advise upgrading to the latest version.
  • A hotfix has been developed for 70.15 & 70.16.


If you're currently using versions 70.15 or 70.16, please follow the instructions below to deploy this hotfix:

  1. Determine the version of Synergetic that you are running. To do this, go to SynWeb > Help > About and take note of the SynWeb Version.
  2. Download the relevant .zip file for your version from the list of files under the Resources section below.
  3. Copy the relevant zip file onto your web server.
  4. Open Internet Information Services (IIS).
  5. Navigate to "CoreAPI", right-click and select the "Explore" option. This will open a directory of the Synergetic CoreAPI files.
    1. Alternatively, navigate to the directory path "inetpub\wwwroot\CoreAPI".
  6. Make a backup of the contents in the CoreAPI directory and put them in a safe place!
  7. Open the zip file and replace the content in the CoreAPI directory with the content in the zip file.
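
Steps 6 and 7 can also be scripted. The PowerShell below is an added example, not a Synergetic-supplied script: it backs up the CoreAPI directory, checks the backup, then copies the hotfix files over the existing ones. The drive letter, download location, backup location, and the layout of the zip (files at the archive root matching the CoreAPI directory) are assumptions to adjust for your server.

```powershell
# Added example, not vendor-supplied. All default paths are assumptions.
param(
    [string]$CoreApiPath = 'C:\inetpub\wwwroot\CoreAPI',                         # drive letter assumed
    [string]$HotfixZip   = 'C:\Temp\70-SynergeticCoreAPI.70.15.2-RC.20919.zip',  # assumed download location
    [string]$BackupRoot  = 'D:\Backups'                                          # hypothetical backup location
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path $CoreApiPath -PathType Container)) { throw "CoreAPI directory not found: $CoreApiPath" }
if (-not (Test-Path $HotfixZip -PathType Leaf))        { throw "Hotfix zip not found: $HotfixZip" }

# Record the archive hash in the change log so the deployed file can be identified later.
$zipHash = (Get-FileHash -Path $HotfixZip -Algorithm SHA256).Hash
Write-Host "Hotfix archive SHA-256: $zipHash"

# Step 6: back up the CoreAPI contents into a timestamped folder.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupRoot "CoreAPI-$stamp"
New-Item -ItemType Directory -Path $backup -Force | Out-Null
Copy-Item -Path (Join-Path $CoreApiPath '*') -Destination $backup -Recurse -Force

# Refuse to continue if the backup holds fewer files than the live directory.
$liveCount   = @(Get-ChildItem -Path $CoreApiPath -Recurse -File -Force).Count
$backupCount = @(Get-ChildItem -Path $backup -Recurse -File -Force).Count
if ($backupCount -lt $liveCount) {
    throw "Backup incomplete: $liveCount files in CoreAPI, $backupCount in backup."
}

# Step 7: extract to a staging folder first, so a bad or unexpected archive
# never leaves the live directory half-updated by a failed extraction.
$stage = Join-Path $env:TEMP "CoreAPI-hotfix-$stamp"
Expand-Archive -Path $HotfixZip -DestinationPath $stage -Force

# Assumption: the archive root mirrors the CoreAPI directory. If $stage contains
# a single wrapper folder instead, point the copy at that folder.
Copy-Item -Path (Join-Path $stage '*') -Destination $CoreApiPath -Recurse -Force
Remove-Item -Path $stage -Recurse -Force

Write-Host "Hotfix files copied to $CoreApiPath. Backup kept at $backup."
```

Run it from an elevated PowerShell session on the web server, passing `-HotfixZip` with the file that matches your SynWeb version.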

Outcome

Once complete, users won't be able to access content relating to Application Portal via the vulnerability.


Note: Please ensure you download the correct resource below.

Resources for 70.15

70-SynergeticCoreAPI.70.15.2-RC.20919.zip


Resources for 70.16

70-SynergeticCoreAPI.70.16.2-RC.24319.zip


Requesting Assistance

As always, if you have any further questions or concerns, our Support team is available to assist:

Please make sure to mention that your query is in relation to the ‘Application Portal product Security hotfix’ to help our support team action your request as efficiently as possible.