Is Safeguard for Passwords affected by CVE-2022-21849 or CVE-2022-21907 (4299201)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Is Safeguard for Passwords affected by CVE-2022-21849 or CVE-2022-21907
Descripción

Is Safeguard for Privileged Passwords affected by the following vulnerabilities?
CVE-2022-21849
CVE-2022-21907
Resolución

It has been confirmed by engineering that Safeguard for Privileged Passwords and Safeguard for Privileged Passwords On Demand are NOT vulnerable.
CVE-2022-21849
SPP does not use IKE. In Safeguard On Demand (FastSaaS), Azure IPSec VPN may be used to connect to the customer network. The Safeguard On Demand side of this connection uses the Azure VPN component which has been patched by Microsoft
CVE-2022-21907
Safeguard does use the HTTP protocol stack (HTTP.sys), but we do not set the registry value "EnableTrailerSupport".

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Producto(s):: One Identity Safeguard for Privileged Passwords
6.13.1, 6.13, 6.0.13 LTS, 6.12.1, 6.0.12 LTS, 6.11.1, 6.11, 6.0.11 LTS, 6.10.1, 6.10, 6.0.10 LTS, 6.0.9 LTS, 6.9.x; Safeguard for Privileged Passwords On Demand
Hosted

Historial del artículo:: Creado el: 1/14/2022
Última actualización: 5/7/2023

Título