PT-2024-7401 · Qnap · Hbs 3 Hybrid Backup Sync

Published: 2024-10-29 · Updated: 2026-01-30 · CVE-2024-50388

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673
Description: The issue is related to an OS command injection vulnerability. This vulnerability could allow remote attackers to execute commands. It is reported that over 113,000 instances are potentially affected. The vulnerability was exploited at Pwn2Own, allowing attackers to carry out remote command execution.
Recommendations: For HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673, update to version 25.1.1.673 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable software to minimize the risk of exploitation.

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-08774
CVE-2024-50388
ZDI-25-760

Affected Products

Hbs 3 Hybrid Backup Sync