Umbraco have released a security advisory relating to password reset poison attacks related to their CMS software that many of our clients use and that we provide installations of.

We can confirm all new and existing Winserve clients are not affected by this issue.
Clients are not affected as we use the hostname fields in IIS for all websites.

Related links:

https://umbraco.com/blog/security-advisory-january-20-2022-medium-severity-security-vulnerability-identified-in-umbraco-cms/?vgo_ee=kEcEscvhVo2UQh%2BS%2BWqunk5Xw8IcJbZJCEP4X9vwpSQ%3D

https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/#

 



Thursday, January 20, 2022

« Назад