Issue
A security vulnerability relating to the Synergetic Community Portal was very recently identified. With the right technical knowledge and under certain conditions, it may be possible for someone who is logged in to the Portal to gain access to information which they would not usually have access to. A small number of Synergetic clients running v70.08 or below may have been affected and each client has been contacted and priority support provided with the patch.
Fix
A critical hotfix was created through an update to a core Community Portal binary fileĀ Synergetic.SynComPort.Web.dll.
The file must be replaced with the fixed version, then the IIS website application pool recycled for the new dll to be applied.
Affected and Fixed File Versions
| Version | Affected | Fixed |
|---|---|---|
| v70.01 | ||
| v70.02 | ||
| v70.03 | ||
| v70.04 | ||
| v70.05 | ||
| v70.06 | ||
| v70.07 | ||
| v70.08 |
Outcome
Once complete, the reported security vulnerability will be removed.