This advisory discloses security vulnerabilities that we have found in the iSymphony Server component.
- Customers who have downloaded and installed iSymphony should implement OS-based firewalling to their existing iSymphony installations to fix this vulnerability.
If you have questions or concerns regarding this advisory, please raise a support request at http://www.getisymphony.com/support.
In this advisory:
MEDIUM - HIGH
iSymphony Server CLI connection on TCP port 50001 does not have IP/Subnet based permission schema. If your iSymphony Server installation's TCP port 50001 is accessible via a network connection and not firewalled, the CLI may be subject to malicious attackers, or internal organization information may be obtained from telnet based usage of this port.
iSymphony does not provide a mechanism implementing IP based permissions allowing for selective source-address connections to the iSymphony Command Line Interface.
Utilize IPTables / IPChains (Linux), IPFW (BSD), 3rd Party Firewall implementation or appliance to effect firewalling based filtering prohibiting access to TCP Port 50001 on machine hosting the iSymphony Server component.