SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product’s session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. The vulnerability was introduced in SoftNAS version 4.2.0, when the company integrated nginx support, ironically to improve the security of the product. SoftNAS customers rely on their software appliances for primary, secondary, and archive storage, Jeff Russo, senior vice president of products says.”]
Source: https://www.csoonline.com/article/3375199/softnas-cloud-0day-found-upgrade-asap.html