Terrasoft Products Vulnerable to Attackers

National Coordination Center for Computer Incidents Warns of Zero Day Vulnerability in Terrasoft CRM and Creatio BPM Systems

The National Coordination Center for Computer Incidents (NKSKi) has issued a warning regarding a zero day vulnerability in the Terrasoft CRM system and the Creatio BPM system developed by Terraceoft.

According to the NKSKI, this vulnerability grants unauthorized access to the ConneptionStrings.config file, which typically contains authentication data of the administrator of the affected product. As a result, potential attackers can compromise data processing processes within organizations and obtain access to confidential data.

To mitigate this threat, NKSTSI recommends the following measures for TerraSoft product users:

  • Update the authentication data for users of the affected products.
  • Leverage access restrictions to the vulnerable products from the Internet.
  • Implement an inter-sequence screen of the appropriate level to safeguard information resources.
  • Explore the possibility of transitioning to domestic alternatives.
/Reports, release notes, official announcements.