Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2024/VULN457 _____________________________________________________________________ DATE : 31/10/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673. ===================================================================== https://www.qnap.com/fr-fr/security-advisory/qsa-24-41 _____________________________________________________________________ Security ID : QSA-24-41 Vulnerability in HBS 3 Hybrid Backup Sync (PWN2OWN 2024) Release date : October 29, 2024 CVE identifier : CVE-2024-50388 Affected products: HBS 3 Hybrid Backup Sync 25.1.x Severity Critical Status Resolved Summary A vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. We have already fixed the vulnerability in the following version: Affected Product Fixed Version HBS 3 Hybrid Backup Sync 25.1.x HBS 3 Hybrid Backup Sync 25.1.1.673 and later Recommendation To fix the vulnerability, we recommend updating HBS 3 Hybrid Backup Sync to the latest version. Updating HBS 3 Hybrid Backup Sync Log on to QTS or QuTS hero as an administrator. Open App Center and then click . A search box appears. Type "HBS 3 Hybrid Backup Sync" and then press ENTER. HBS 3 Hybrid Backup Sync appears in the search results. Click Update. A confirmation message appears. Note: The Update button is not available if your HBS 3 Hybrid Backup Sync is already up to date. Click OK. The application is updated. Acknowledgements: Pwn2Own 2024 - Viettel Cyber Security Revision History: V1.0 (October 29, 2024) - Published ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================