Chatta subito con l'assistenza
Chat con il supporto

One Identity Safeguard for Privileged Sessions 7.0.3.1 LTS - Release Notes

Release Notes

One Identity Safeguard for Privileged Sessions 7.0.3.1 LTS

Release Notes

27 July 2023, 17:15

These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.

Topics:

About this release

One Identity Safeguard for Privileged Sessions Version 7.0.3.1 LTS is a maintenance release with resolved issues. For details, see:

NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.

About the Safeguard product line

The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.

Safeguard privileged management software suite

Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.

The Safeguard products' unique strengths are:

  • One-stop solution for all privileged access management needs

  • Easy to deploy and integrate

  • Unparalleled depth of recording

  • Comprehensive risk analysis of entitlements and activities

  • Thorough Governance for privileged account

The suite includes the following modules:

  • One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues in release 7.0.3.1 LTS
Resolved Issue Issue ID

Typo on connection wizard page.

In the Connection created page of Connection Wizard, the SPS address was missing. This has been corrected.

340527

Screenshot generation permission error notification is too eager to appear.

If a user with read permission tried to view an already generated screenshot, SPS displayed a screenshot generation error. This issue has been corrected, and now the screenshot generation permission error is displayed only if the user who wants to generate a screenshot does not have read and write permission in the search access control list.

340529

Login Options LDAP servers: Missing validator for the same addresses.

A validator has been added for the address list of the LDAP servers, to prevent the users from saving the list if there are multiple addresses with the same hostname and port. The address list must contain unique value pairs.

340563

License problem not apparent on side bar.

In the About menu, the warning icons were not displayed when the extendable panels were closed. This has been corrected, and now, if there are warnings, the warning icons are displayed even if the expandable panels are closed.

340598

Too many configuration elements can cause reference_id error on the UI.

Committing extremely large configuration changes on the web GUI could fail with the error "Form reference id received does not match stored value". This has been fixed and now such extremely large configuration changes are possible within a single commit. Also, the error message has been reworded to better describe the error condition and its possible resolutions.

403615

The permitted redirect devices in the RDP channel policy were not saved in the configuration during the commit. This issue has been corrected.

406786

The RAID status is not displayed after the installation

Previously, at the end of the installation of Safeguard 4000, the RAID sync status was not displayed. This issue has been corrected.

407479

Connection to a remote SSH server running OpenSSH 7.4, or older, through SPS can fail.

If the relayed authentication method was set to 'Public key' with 'Agent' selected for an SSH Authentication policy and the target SSH server was running OpenSSH 7.4, 7.3, or 7.2, connecting to the server through SPS could fail.

In this case, the following line was written in the log: "Client side public key signature algorithm is unsupported by the server; signature_algo='...'"

This issue has been fixed. Public key authentication to remote SSH servers running OpenSSH 7.4, 7.3, or 7.2 now works.

415489

The network interface order was wrong on the 4000 series appliances, which caused that High Availability configuration is not working even with proper cabling. This issue has been corrected.

424781

There was a legacy RAID status checking during the precheck phase, which failed on the 4000 series appliance. The legacy RAID status checking is deprecated and a new precheck procedure has been introduced.

425584

Table 2: Resolved Common Vulnerabilities and Exposures (CVE) in release 7.0.3.1 LTS
Resolved Issue Issue ID

cloud-init:

CVE-2023-1786

erlang:

CVE-2022-37026

freetype:

CVE-2023-2004

ipmitool:

CVE-2020-5208

ldb:

CVE-2023-0614

libwebp:

CVE-2023-1999

libxml2:

CVE-2023-28484

 

CVE-2023-29469

linux:

CVE-2022-3108

 

CVE-2022-3903

 

CVE-2023-1281

 

CVE-2023-1829

 

CVE-2023-26545

openjdk-lts:

CVE-2023-21930

 

CVE-2023-21937

 

CVE-2023-21938

 

CVE-2023-21939

 

CVE-2023-21954

 

CVE-2023-21967

 

CVE-2023-21968

openssl:

CVE-2023-0464

 

CVE-2023-0465

 

CVE-2023-0466

samba:

CVE-2023-0614

 

CVE-2023-0922

sqlparse:

CVE-2023-30608

sudo:

CVE-2023-2848

 

CVE-2023-28486

 

CVE-2023-28487

vim:

CVE-2021-4166

 

CVE-2021-4192

 

CVE-2021-4193

 

CVE-2022-0213

 

CVE-2022-0261

 

CVE-2022-0318

 

CVE-2022-0319

 

CVE-2022-0351

 

CVE-2022-0359

 

CVE-2022-0361

 

CVE-2022-0368

 

CVE-2022-0408

 

CVE-2022-0413

 

CVE-2022-0443

 

CVE-2022-0554

 

CVE-2022-0572

 

CVE-2022-0629

 

CVE-2022-0685

 

CVE-2022-0714

 

CVE-2022-0729

 

CVE-2022-1629

 

CVE-2022-1674

 

CVE-2022-1720

 

CVE-2022-1733

 

CVE-2022-1735

 

CVE-2022-1785

 

CVE-2022-1796

 

CVE-2022-1851

 

CVE-2022-1898

 

CVE-2022-1927

 

CVE-2022-1942

 

CVE-2022-1968

 

CVE-2022-2124

 

CVE-2022-2125

 

CVE-2022-2126

 

CVE-2022-2129

 

CVE-2022-2175

 

CVE-2022-2183

 

CVE-2022-2206

 

CVE-2022-2207

 

CVE-2022-2304

 

CVE-2022-2344

 

CVE-2022-2345

 

CVE-2022-2571

 

CVE-2022-2581

 

CVE-2022-2845

 

CVE-2022-2849

 

CVE-2022-2923

 

CVE-2022-2946

 

CVE-2022-2980

Strumenti self-service
Knowledge Base
Notifiche e avvisi
Supporto prodotti
Download di software
Documentazione tecnica
Forum utente
Esercitazioni video
Feed RSS
Contatti
Richiedi assistenza sulle licenze
Supporto tecnico
Visualizza tutto
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione