The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.
Restrict branch-management privileges to trusted administrative users only. Validate branch codes on the server side using a strict allowlist of safe characters and reject path separators, traversal sequences, control characters, and other special characters. Ensure that filesystem paths are canonicalized and checked against an expected base directory before file operations are performed. Review service-account filesystem permissions so that the application can only write to required storage locations. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.
The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.