2021-12 - Synergetic Security Hotfix - 17th December 2021
Issue
Where a person has valid user credentials and extensive technical knowledge of the Synergetic system, it may be possible for them to access some operations in SynWeb beyond their permission set. Customers with SAML and MFA in place have greater protection. Customers without SAML or MFA may wish to disable public access to SynWeb until they have implemented the hotfix described below.
Fix
A hotfix has been developed to update the affected Synergetic DLLs and javascript files on your web server.
Please follow the instructions below to deploy this hotfix:
- Determine the version of Synergetic that you are running. To do this, go to SynWeb > Help > About and take note of the SynWeb Version.
- Download the relevant .zip file for your version from the list of files under the Resources section below.
- Download the Powershell script below.
- Copy these two files onto your web server, both into the same folder.
- Go to Internet Information Services on your web server and Stop the SynWeb site.
- Run Windows PowerShell as an administrator.
- Go to the location where the above files were copied to and run the Powershell script with the patch zip file as a parameter. For example: SynWebAjaxUpdate.ps1 "SynWeb Ajax Patch v70.10.02.zip"
- The script will make a backup copy of your current SynWeb folder in SynWeb-perAjaxHotfix.
- It will then copy the new versions of the files to your SynWeb folder.
- Once complete, go to Internet Information Services on your web server and Start the SynWeb site.
Outcome
Once complete, users with valid credentials will not be able to gain access to functions that are restricted.
Verification
- On your web server, go to your inetpub\wwwroot\SynWeb\bin folder.
- Ensure that Synergetic.SynWeb.Web.dll has a Date Modified in the month of January 2022.