Security Advisory - RecoveryManager Plus versions 6041 and below.

We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in RecoveryManager Plus. This article provides more information on the issue and how to resolve it.


What is the issue?
An authentication bypass vulnerability affecting REST API URLs.

What is the severity of this issue?
This is a critical issue.

Which versions of RecoveryManager Plus are affected?
RecoveryManager Plus builds up to 6041 are affected.

How does it impact RecoveryManager Plus customers?
This vulnerability allows attackers to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. That access would allow the attacker to carry out subsequent attacks.

What should I do?
This vulnerability can be exploited in unpatched RecoveryManager Plus installations. We recommend you update RecoveryManager Plus to the latest build (6402) using the service pack as soon as possible.


If you need further information, have any questions, or face any difficulties updating RecoveryManager Plus, please get in touch with us at support@recoverymanagerplus.com, or 1-888-720-9500 (toll-free).
