This vulnerability affects all installations of Open-AudIT prior to version 2.2.
A patched version of Open-AudIT (2.2) will be made available from http://www.open-audit.org/downloads.php and https://opmantek.com/network-tools-download/.
Users are advised to upgrade ASAP when 2.2 is released.
Open-AudIT Professional and Enterprise 2.1 and earlier. Open-AudIT Community is not affected by this vulnerability.
A patch for the issue described in this bulletin is available in the soon to be released Open-AudIT v2.2. This release will be available shortly from http://www.openaudit.org and https://opmantek.com.
Workarounds and Mitigations
Upgrade to Open-AudIT 2.2.
The vulnerability was addressed by Opmantek and upgrading to Open-AudIT 2.2 will include this fix and remove the vulnerability.
The preferred method of mitigation is an upgrade to Open-AudIT 2.2.
If you are affected and require a patch ASAP, please contact Opmantek Support via your regular support channel.