The affected area is contained within the Application Portal product.
In our Application Portal product, under some circumstances, power users with extensive technical knowledge and Synergetic knowledge may be able to see sensitive information relating to the Application Portal which they should not be able to access under typical circumstances.
This vulnerability has been resolved as a part of 70.18
Anyone whom is running a older version than 70.15, we would strongly advise upgrading to the latest version.
A hotfix has been developed for 70.15 & 70.16.
If you're currently using versions 70.15 or 70.16, please follow the instructions below to deploy this hotfix:
Determine the version of Synergetic that you are running. To do this, go to SynWeb > Help > About and take note of theSynWeb Version.
Download the relevant .zip file for your version from the list of files under the Resources section below.
Copy the relevant zip file onto your web server.
Open Internet Information Services (IIS)
Navigate to "CoreAPI", right click and select the "Explore" option - This will open a directory of the Synergetic CoreAPI files.
Alternatively navigate to the directory path "inetpub\wwwroot\CoreAPI"
Make a backup of the contents in the CoreAPI directory and put them in a safe place!
Open the zip file and replace the content in the CoreAPI directory with the content in the zip file.
Once complete, users won't be able to access content relating to Application Portal via the vulnerability.
Note: Please ensure you download the correct resource below.