
Ahsay Security Advisory (#26030) - Critical Vulnerability in AhsayCBS v7 and AhsayCBS v8

We have recently uncovered a critical vulnerability in the AhsayCBS API (Application Programming Interface) system, which exposes some versions of AhsayCBS v7 and AhsayCBS v8 to a very high risk of malicious attack and loss of data.

The vulnerability could potentially allow a malicious attacker to:

  • Gain access to the file system and all backup files on the AhsayCBS server
  • Obtain a list of directories and files on the AhsayCBS server
  • Delete files on the AhsayCBS server
  • Download files from the AhsayCBS server

What are the affected AhsayCBS versions?

  • AhsayCBS pre-v7.17.2.97
  • AhsayCBS v8.1.0.24 to v8.1.1.x
  • AhsayCBS v8.3.0.30 to v8.3.0.104

Does it affect my AhsayOBM/AhsayACB v7 and v8 clients?

The vulnerabilities only affect AhsayCBS v7 and AhsayCBS v8 servers. They do not affect the AhsayOBM/AhsayACB v7 and v8 clients, so no action is required for AhsayOBM/AhsayACB clients.

However, we do recommend partners consider upgrading AhsayOBM/AhsayACB clients to the latest versions to take advantage of the latest available bug fixes and enhancements.

What action do I need to take to fix this problem?

All affected partners:

  • On AhsayCBS v7 are strongly advised to upgrade to the latest version of v7, AhsayCBS v7.17.2.119 or above to fix the critical vulnerability.
  • On AhsayCBS v8 are strongly advised to upgrade to the latest version of v8, AhsayCBS v8.3.2.11 or above to fix the critical vulnerability.
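For partners triaging several servers, the affected ranges and upgrade targets above can be checked mechanically. The following is an added example, not Ahsay code; the function names, the status labels, the sample inventory, and the reading of "pre-v7.17.2.97" as "any v7 build below 7.17.2.97" are assumptions.

```python
import re

# Inclusive (low, high) bounds for affected builds, as 4-part tuples.
AFFECTED = [
    ((7, 0, 0, 0), (7, 17, 2, 96)),      # "pre-v7.17.2.97", assumed: v7 builds below it
    ((8, 1, 0, 24), (8, 1, 1, 99999)),   # "v8.1.0.24 to v8.1.1.x", x = any build
    ((8, 3, 0, 30), (8, 3, 0, 104)),     # "v8.3.0.30 to v8.3.0.104"
]
# Minimum releases the advisory tells partners to upgrade to, per major version.
FIXED = {7: (7, 17, 2, 119), 8: (8, 3, 2, 11)}


def parse_version(text):
    """Turn 'v8.3.0.30' or '8.3.0.30' into (8, 3, 0, 30); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a 4-part AhsayCBS version: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Return 'affected', 'upgrade-advised', 'fixed' or 'out-of-scope'."""
    v = parse_version(text)
    if v[0] not in FIXED:
        return "out-of-scope"          # advisory covers only v7 and v8 servers
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        return "affected"
    if v < FIXED[v[0]]:
        return "upgrade-advised"       # outside the listed ranges, below the fixed release
    return "fixed"


def triage(inventory):
    """Map {host: version} to {host: status}; unparsable versions need manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "manual-review"
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration (hostnames are made up).
    sample = {"cbs-a": "v7.17.2.50", "cbs-b": "7.17.2.100", "cbs-c": "v8.1.1.7",
              "cbs-d": "v8.3.0.105", "cbs-e": "v8.3.2.11", "cbs-f": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Builds that fall between an affected range and the recommended release (for example v7.17.2.97 to v7.17.2.118) are reported as "upgrade-advised" rather than "affected", since the advisory does not list them as affected but still directs partners to the later release.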

Please make sure you have valid maintenance before upgrading to the latest release. Otherwise, your AhsayCBS service will stop functioning due to a “Support Expired” error. Please contact a member of our Sales team at sales-kb@ahsay.com for assistance with maintenance-related issues.

1. For partners currently on AhsayCBS v7

i. If your current version is NOT AhsayCBS v7.17.2.2 or above.

  • Please refer to this KB article for upgrade instructions to upgrade to v7.17.2.2:
  • Apply the latest hotfix v7.17.2.119 or above. Please refer to instructions on our Partner Portal here. (Note: a valid partner portal login is required.)

ii. If your current version is AhsayCBS v7.17.2.2 or above.

  • Apply the latest hotfix v7.17.2.119 or above. Please refer to instructions on our Partner Portal here. (Note: a valid partner portal login is required.)

2. For partners currently on AhsayCBS v8

If your current version is NOT AhsayCBS v8.3.2.11 or above, please refer to the following KB article for upgrade instructions:

What if my maintenance has already expired? How do I upgrade?

Stop! Do not upgrade until you contact a member of our Sales Team at sales-kb@ahsay.com for assistance with your maintenance renewal.

What if I require assistance with my AhsayCBS server upgrade?

Our professional service team is ready to provide immediate assistance to partners with AhsayCBS v7 and AhsayCBS v8 upgrades.

Please contact a member of our Sales Team at sales-kb@ahsay.com to obtain a quotation for the AhsayCBS upgrade service.

public/announcement/critical_vulnerability_in_ahsaycbs_v7_and_v8.txt · Last modified: 2020/02/20 11:19 by yuk.cheng
