Is Safeguard for Passwords affected by CVE-2022-21849 or CVE-2022-21907 (4299201)

Chatta subito con l'assistenza

Restituisci

Feedback inviato

Questo articolo ti è servito per risolvere il problema?

Seleziona valutazione

Titolo

Is Safeguard for Passwords affected by CVE-2022-21849 or CVE-2022-21907
Descrizione

Is Safeguard for Privileged Passwords affected by the following vulnerabilities?
CVE-2022-21849
CVE-2022-21907
Risoluzione

It has been confirmed by engineering that Safeguard for Privileged Passwords and Safeguard for Privileged Passwords On Demand are NOT vulnerable.
CVE-2022-21849
SPP does not use IKE. In Safeguard On Demand (FastSaaS), Azure IPSec VPN may be used to connect to the customer network. The Safeguard On Demand side of this connection uses the Azure VPN component which has been patched by Microsoft
CVE-2022-21907
Safeguard does use the HTTP protocol stack (HTTP.sys), but we do not set the registry value "EnableTrailerSupport".

Feedback inviato

Questo articolo ti è servito per risolvere il problema?

Seleziona valutazione

Contenuti consigliati

Prodotto/i:: One Identity Safeguard for Privileged Passwords
6.13.1, 6.13, 6.0.13 LTS, 6.12.1, 6.0.12 LTS, 6.11.1, 6.11, 6.0.11 LTS, 6.10.1, 6.10, 6.0.10 LTS, 6.0.9 LTS, 6.9.x; Safeguard for Privileged Passwords On Demand
Hosted

Cronologia articoli:: Data di creazione: 1/14/2022
Ultimo aggiornamento: 5/7/2023

Titolo