This document explains the vulnerability that lets unauthorized user (Guest user) to view sensitive information in Remote Access Plus.
Vulnerability ID : CVE-2022-26653
Vulnerability Update Release build : 10.1.2137.15
Update Release Date : 08th April, 2022
Reported by: Matt
This vulnerability lets unauthorized user (Guest user) to view sensitive information, such as, the domain's administrative user, GUID, etc., in Remote Access Plus.
From now on, only administrators can access the domain API enabling only them to view those sensitive information.
The issue has been resolved and the relevant fixes are available in the latest Remote Access Plus build. Visit the Remote Access Plus service packs page, download the latest PPM and update.
Keywords: Privilege escalation, Security Updates, Vulnerabilities and Fixes.
Note: This issue is not applicable to Remote Access Plus Cloud.