Privileged Password Manager Product Notification

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Support Essentials
Awards and Testimonials
License Agreement
Support Guide
Return
Critical Alerts
TPAM Appliance

Critical Product Notification

 

Problem

A vulnerability within the TPAM product has been identified.  This vulnerability is caused by an inadequate parameter validation on a small number of seldom used input fields. 

How does this affect TPAM?

This could allow a highly-privileged authenticated user to gain limited access to the underlying system software via a specially crafted value added to these seldom used fields. This impacts versions 2.5.904 - 2.5.915 of TPAM.  

Resolution

This vulnerability has been resolved in TPAM 2.5.916 therefore it is suggested that customer upgrade to this latest version.

For those customers not able to upgrade to 2.5.916 at this time we strongly recommend applying hotfix 7851 immediately.  This hotfix resolves the previously mentioned vulnerability and also adds additional layers of security to prevent such an attack in the future.

The upgrade can be download from the Support customer portal

The hotfix can be downloaded from the TPAM customer portal

For additional information regarding the 2.5.916 release please review the product release notes located here.

Questions or comments

If you have any questions or comments, please Contact Support. If you have a technical issue, please log a Service Request.

Thank You,

One Identity 

Please note our Privacy Policy recently changed to support GDPR. You may read it here. Continuing to use our website indicates you have accepted the new policy.