PT-2026-5102 · Unknown · Sync Breeze Enterprise Server+1
Rafael Pedrero · Published 2026-01-28 · Updated 2026-01-28 · CVE-2025-59894
CVSS v4.0: 8.5 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Sync Breeze Enterprise Server version 10.4.18
Disk Pulse Enterprise version 10.4.18
Description
A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions. This is due to missing CSRF token implementation. An attacker can leverage a POST request to the "/delete_all_commands?sid=" endpoint to delete all commands.
Recommendations
Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability.
Update Disk Pulse Enterprise to a version with a fix for this vulnerability.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Diskpulse Enterprise
Sync Breeze Enterprise Server