
Two vulnerabilities have been identified in Server Backup Manager.   

Severity

R1Soft rates these vulnerabilities as Critical.

Risk Assessment

An information exposure vulnerability was discovered in Server Backup Manager. This could result in an SBM user session being cloned, allowing a malicious user access to SBM. R1Soft would like to thank rack911.com for bringing this issue to our attention and assisting in the development of a resolution.

The SSLv3 vulnerability, CVE-2014-3566, known as POODLE, affects Server Backup Manager 5.8.0 and earlier. This attack compromises encryption and could allow an attacker to obtain user credentials and session tokens.

Risk Mitigation

Immediately upgrade the Server Backup Manager to version 5.8.1. 

Vulnerability

Affected versions include Server Backup Manager 5.8.0 and earlier.

Fix

Upgrade Note: Server Backup Advanced users
A fix is not yet available for Server Backup Advanced Edition users.

These issues are fixed in Server Backup 5.8.1, which you can download from the customer download portal. You must upgrade the Server Backup Manager. To address the POODLE vulnerability, SSLv3 connections were updated to use TLS. Please verify TLS compatibility with client libraries prior to upgrading.
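One way to run the TLS compatibility check mentioned above from a client machine, as an added example that is not R1Soft's code: it reports which protocol versions the client's TLS library can negotiate and, given a server address, records what protocol a handshake actually settles on. It assumes the client in question is a Python program; the host and port passed to `probe` are whatever your own Server Backup Manager listens on and are not taken from this advisory.

```python
import socket
import ssl

# Flags exposed by Python's ssl module for the TLS library it is linked against.
_TLS_FLAGS = (("TLSv1", ssl.HAS_TLSv1), ("TLSv1.1", ssl.HAS_TLSv1_1),
              ("TLSv1.2", ssl.HAS_TLSv1_2), ("TLSv1.3", ssl.HAS_TLSv1_3))

def client_tls_report():
    """Offline check: what can this client's TLS library negotiate?"""
    tls = [name for name, ok in _TLS_FLAGS if ok]
    return {"library": ssl.OPENSSL_VERSION,
            "sslv3_compiled_in": ssl.HAS_SSLv3,
            "tls_versions": tls,
            # A client with no TLS support would break once SSLv3 is gone.
            "survives_sslv3_removal": bool(tls)}

def is_tls(negotiated):
    """True if a negotiated protocol name is TLS rather than SSLv2/SSLv3."""
    return bool(negotiated) and negotiated.startswith("TLS")

def probe(host, port, cafile=None, timeout=5.0):
    """Handshake with the server; return the protocol or the failure reason."""
    # The default context verifies the certificate and does not offer SSLv3.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as conn:
                version = conn.version()
                return {"ok": is_tls(version), "protocol": version, "error": None}
    except (ssl.SSLError, OSError) as exc:
        # Covers refused connections, timeouts, certificate and protocol errors.
        return {"ok": False, "protocol": None, "error": str(exc)}

if __name__ == "__main__":
    import sys
    print(client_tls_report())
    if len(sys.argv) == 3:  # usage: script.py <sbm-host> <port>
        print(probe(sys.argv[1], int(sys.argv[2])))
```

If the server uses a certificate from a private CA, pass that CA bundle as `cafile` so a certificate error is not mistaken for a protocol incompatibility.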
