Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
According to the NCC, a zero-day vulnerability was found in the Terrasoft CRM system and the Creatio BPM system.
The National Coordination Center for Computer Incidents (NCCC) has warned about the presence of a zero-day vulnerability in the Terrasoft CRM system and Creatio BPM system developed by Terrasoft.
According to the NCC, the vulnerability allows unauthorized access to the ConnectionStrings.config file, which in most cases contains the authentication data of the administrator of the affected product. As a result, attackers can disrupt data processing processes in organizations, as well as gain access to confidential data.
The NCC recommends that users of Terrasoft products take the following measures to neutralize the threat:
The National Coordination Center for Computer Incidents (NCCC) has warned about the presence of a zero-day vulnerability in the Terrasoft CRM system and Creatio BPM system developed by Terrasoft.
According to the NCC, the vulnerability allows unauthorized access to the ConnectionStrings.config file, which in most cases contains the authentication data of the administrator of the affected product. As a result, attackers can disrupt data processing processes in organizations, as well as gain access to confidential data.
The NCC recommends that users of Terrasoft products take the following measures to neutralize the threat:
- Update the authentication data of users of the products listed above.
- Restrict access to the affected product from the Internet.
- Use the application-level firewall to protect your information resources.
- Consider switching to domestic analogues.
