Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unauthenticated users are able to download whole folders in SafeSync for Enterprise (SSFE) 2.1 SP1

    • Updated:
    • 13 Feb 2015
    • Product/Version:
    • SafeSync for Enterprise 2.1
    • Platform:
    • N/A N/A
Summary

A security defect was found in the current SSFE 2.1 Service Pack (SP) 1 Build 1496. By modifying the URL of a file’s shareable link, an unauthenticated user can download the whole folder without logging in to SafeSync.

Details
Public

Who is Affected?

The defect exists in SSFE 2.1 SP1 Server Build 1496 caused by the new feature that introduces multiple file. However, SSFE 2.1 GM and Patch 1 builds are not affected.

Fix Availability

For existing SSFE 2.1 SP1 installations, apply Critical Patch Build 1557 to fix this defect. SSFE 2.1 SP1 installer as well as the migration package are also repacked to include the fix to the issue.

Premium
Internal
Rating:
Category:
Troubleshoot; SPEC
Solution Id:
1107804
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.