The vulnerability identified relates to a seldom-used component of the underlying operating system which, if not effectively disabled, could be used to gain unaudited but restricted access to the appliance file system. To date, this has not been demonstrated to permit access to the highly protected sensitive information stored in the appliance, but in theory it could be used to damage some capabilities of the application. For this reason, Quest Software have provided an immediate fix to address and remove this potential exposure. It is worth noting that exploiting this vulnerability would require access to the console of the appliance, something which is typically highly restricted across personnel within any organization. We recommend adhering to the security best practices of establishing tightly controlled physical access to the appliance and protecting or prohibiting network access through the Dell Remote Access Controller.
We strongly recommend downloading and applying Hotfix_6136.zip at the earliest opportunity.
Apply Hotfix_6136.zip to address this vulnerability. This should be applied to all instances of Privileged Session / Password Manager versions 2.5.904-2.5.910. The patch does not modify the application or its behaviour in any way, but simply modifies configuration settings for an unused component of the operating system. After applying the patch, a reboot of the appliance is encouraged if possible, but not necessary to complete the installation.
Applies to 2.5.904 - 2.5.910
It is strongly recommended that the appliance be rebooted after applying this patch; however, it is not mandatory.