Name of the Vulnerable Software and Affected Versions Terrasoft (affected versions not specified) Creatio (affected versions not specified)

Description The issue is related to the ConnectionStrings.config component in Terrasoft CRM system and Creatio BPM system, where there is an incorrect restriction of the path name to a directory with limited access. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For Terrasoft, consider restricting access to the ConnectionStrings.config component until a fix is available. For Creatio, avoid using the vulnerable ConnectionStrings.config component in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.