Vulnerabilities found during external penetration testing on Filr 24.1
Environment
OpenText Filr 24.1
Situation
An independent IT security company conducted a penetration test on external-facing systems. One of the findings was that Filr 24.1 leaks unnecessary information via verbose error messages. Common types of leaked information include the operating system, system paths, and software versions, which allow an attacker to search for vulnerabilities and exploits associated with the target application and underlying system. In the case of Filr 24.1, the leak was found when sending invalid requests to the file repository system.
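A check a defender could run over captured error responses to confirm whether the leak categories listed above still appear after remediation. This is an added example, not OpenText code; the function name, the regular expressions and the sample responses are constructed assumptions.

```python
import re

# Categories come from the finding (operating system, system path, software
# versions); the regexes are illustrative assumptions, not Filr signatures.
LEAK_PATTERNS = {
    "operating_system": re.compile(
        r"\b(?:Linux|SUSE|Ubuntu|Debian|Red Hat|Windows(?: Server)?)\b", re.I),
    "system_path": re.compile(
        r"(?<![\w/])(?:/(?:opt|var|usr|etc|home|srv)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)"),
    "software_version": re.compile(
        r"(?<![/\w.-])[A-Za-z][\w.-]*/\d+(?:\.\d+)+"),
}

def audit_error_response(status, headers, body):
    """Return {category: [leaked strings]} for an HTTP error response."""
    if status < 400:
        return {}  # only error responses are in scope for this check
    # Header values (e.g. Server banners) leak versions as often as bodies do.
    text = "\n".join(list(headers.values()) + [body])
    findings = {}
    for category, pattern in LEAK_PATTERNS.items():
        hits = sorted(set(pattern.findall(text)))
        if hits:
            findings[category] = hits
    return findings

# Constructed sample responses (not captured from Filr).
VERBOSE = (500, {"Server": "ExampleServer/9.0.1"},
           "Error reading /opt/example/repository/conf/store.xml "
           "on Linux 5.14 (ExampleLib/2.3.4)")
GENERIC = (400, {"Content-Type": "text/plain"},
           "Invalid request. Reference ID: 7f3a2c")

if __name__ == "__main__":
    for name, resp in (("verbose", VERBOSE), ("generic", GENERIC)):
        print(name, audit_error_response(*resp))
```

An empty result for every invalid request in the test set is the target state: the client sees a generic message and a reference ID, while the detail stays in server-side logs.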
On this month's webinar the PM said that the 24.3 release would be in July. I suspect we will get an update on next week's webinar, or you can ask him directly.