Security Updates

 

CVE-2023-48646 – Remote Code Execution Vulnerability in RecoveryManager Plus

Vulnerability Details
Severity Low
CVE ID CVE-2023-48646
Affected software versions 6062 and below
Fixed version 6070
Fixed on June 30, 2023

Details

RecoveryManager Plus builds 6062 and older were reported to have an authenticated remote code execution vulnerability. This has been fixed in the build 6070; its release notes can be found here.

Impact

An authenticated user with admin privileges can remotely execute codes on the machine where RecoveryManager Plus is installed through proxy settings.

Steps to update

Update your RecoveryManager Plus instance to 6070 using the service pack.

Acknowledgements

This vulnerability was discovered by hir0ot working with Trend Micro Zero Day Initiative.

A single pane of glass for AD, Azure AD, Microsoft 365,
Google Workspace, Exchange, and Zoho WorkDrive backup.
  • » Personal WorkDrive backup
  • » Backup retention
  • » Incremental backup