|Title:||PZOS Platform Information Disclosure|
|Affected Products:||PZOS – All Supported Versions 220.127.116.11 or Below|
The PZOS software contains a vulnerability that could lead to information disclosure.
An information disclosure vulnerability exists in PZOS. An attacker with access to the Panzura Controller web UI has the ability to retrieve the contents of the platform by accessing the system shell.
This vulnerability will be addressed in the next patch release of PZOS. To reduce and eliminate the exposure in the meantime, customers should ensure that access to the Panzura Controller web UI through the LAN port is protected by their firewall rules and the admin password is controlled and managed by trusted administrators within the company.
Upgrade the Panzura software to PZOS version 18.104.22.168 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.