Carregando...
Qualitor - Software para Atender Melhor - Help Desk, Service Desk, Shared Services, Ouvidoria
Qualitor - Software para Atender Melhor - Help Desk, Service Desk, Shared Services, Ouvidoria

Official Security Advisory – CVE-2024-48359

Comunicado-Institucional-01

Publication Date: November 10, 2024

CVE ID: CVE-2024-48359

Affected Product(s): Qualitor / Versions 8.20, 8.24

At Qualitor Software, we are committed to the security and integrity of our products. We aim to maintain transparency and provide ongoing support to our users. A security vulnerability has recently been identified in our software, referenced under CVE-2024-48359.

Vulnerability Description

The vulnerability was found in the following file:

/html/ad/adpesquisasql/request/processVariavel.php

It could allow a remote attacker, even without authentication, to execute arbitrary commands on the affected server by exploiting a Remote Code Execution (RCE) flaw.

Resolution

Upon identification, our security team acted promptly to develop and test an effective fix to mitigate the risk.

The fix is available in the following versions:

• 8.20 changeset (ef47bd2f) – Released on November 10, 2024

• 8.24 changeset (759297a3) – Released on November 10, 2024

Users can request the update procedure through our official communication channels.

We strongly recommend that all users who have not yet applied this update do so as soon as possible to ensure continued system security.

Actions Taken

• Analysis and Mitigation: The vulnerability was investigated, and a corrective patch was implemented to eliminate the associated risk.

• Quality Assurance: Comprehensive testing was conducted to ensure the fix did not impact product stability or performance.

• Proactive Communication: Clients were informed of the update and encouraged to apply it immediately.

User Guidance

1. Verify your current product version and ensure you are running one of the following or a later patch:

o 8.20 changeset (ef47bd2f) – November 10, 2024

o 8.24 changeset (759297a3) – November 10, 2024

2. Apply the update as per the instructions provided through our official support channels.

3. If you have any questions or require assistance, please contact our support team.

Security Commitment

At Qualitor Software, we take product security very seriously. We continuously work to identify, correct, and prevent vulnerabilities, providing a secure environment for our users.

We will continue to monitor and enhance our solutions to uphold customer trust and the integrity of systems powered by our products.

Contact

For questions or further information, please contact our technical support team:

? Email: suporte@qualitor.com.br

? Support Portal: https://qualitor.qualitorsoftware.com/qualitor/LoginUsuario.php

Qualitor informa: usamos cookies para personalizar anúncios e melhorar a sua experiência no site. Ao continuar navegando, você concorda com a nossa Política de Privacidade.

continuar e fechar