|
Key
This line was removed.
This word was removed. This word was added.
This line was added.
|
Changes (8)
View Page History...
h2. Severity
R1Soft rates these vulnerabilities as Critical..
R1Soft rates these vulnerabilities as Critical.
h2. Risk Assessment
An information exposure vulnerability was discovered in the Server Backup Manager. This could result in a SBM user's session being cloned, allowing a malicious use access to SBM with that user's permissions. R1Soft thanks [www.rack911.com|http://www.rack911.com/] for bringing this issue to our attention and working closely with us on resolution.
An information exposure vulnerability was discovered in the Server Backup Manager. This could result in a SBM user session being cloned, allowing a malicious user access to SBM. R1Soft would like to thank [rack911.com|http://www.rack911.com/] for bringing this issue to our attention and assisting in the development of a resolution.
The SSL v3 vulnerability, CVE 2014-3566, known as POODLE, affects Server Backup Manager. This attack compromises encryption and could allow an attacker to get user credentials and session tokens.
The SSLv3 vulnerability, CVE 2014-3566, known as POODLE, affects Server Backup Manager 5.8.0 and earlier. This attack compromises encryption and could allow an attacker to obtain user credentials and session tokens.
...
h2. Vulnerability
Affected versions include Server Backup Manager 5.8.0 and earlier.
...
A fix is not yet available for Server Backup Advanced Edition users.
{note}
{note}
These issues are fixed in [Server Backup 5.8.1|http://wiki.r1soft.com/display/ServerBackup/Server+Backup+5.8.1+Release+Notes], which you can download from the customer [download portal|http://wiki.r1soft.com/display/ServerBackup/Obtain+Server+Backup+Manager+and+Backup+Agent]. You must upgrade the Server Backup Manager. To address the POODLE vulnerability, SSLv3 connections were updated to use TLS. Please verify TLS compatibility with client libraries prior to upgrading.