One Identity Safeguard for Privileged Sessions 7.0.3.1 LTS
Release Notes
27 July 2023, 17:15
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 7.0.3.1 LTS is a maintenance release with resolved issues. For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see the Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper-proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
- One-stop solution for all privileged access management needs
- Easy to deploy and integrate
- Unparalleled depth of recording
- Comprehensive risk analysis of entitlements and activities
- Thorough Governance for privileged accounts
The suite includes the following modules:
- One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
- One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
  Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
- One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
The following is a list of issues addressed in this release.
Table 1: General resolved issues in release 7.0.3.1 LTS
| Resolved issue | Issue ID |
|---|---|
| Typo on connection wizard page. In the Connection created page of Connection Wizard, the SPS address was missing. This has been corrected. | 340527 |
| Screenshot generation permission error notification is too eager to appear. If a user with read permission tried to view an already generated screenshot, SPS displayed a screenshot generation error. This issue has been corrected, and now the screenshot generation permission error is displayed only if the user who wants to generate a screenshot does not have read and write permission in the search access control list. | 340529 |
| Login Options LDAP servers: Missing validator for the same addresses. A validator has been added for the address list of the LDAP servers, to prevent users from saving the list if there are multiple addresses with the same hostname and port. The address list must contain unique value pairs. | 340563 |
| License problem not apparent on side bar. In the About menu, the warning icons were not displayed when the expandable panels were closed. This has been corrected, and now, if there are warnings, the warning icons are displayed even if the expandable panels are closed. | 340598 |
| Too many configuration elements can cause reference_id error on the UI. Committing extremely large configuration changes on the web GUI could fail with the error "Form reference id received does not match stored value". This has been fixed and now such extremely large configuration changes are possible within a single commit. Also, the error message has been reworded to better describe the error condition and its possible resolutions. | 403615 |
| The permitted redirect devices in the RDP channel policy were not saved in the configuration during the commit. This issue has been corrected. | 406786 |
| The RAID status is not displayed after the installation. Previously, at the end of the installation of Safeguard 4000, the RAID sync status was not displayed. This issue has been corrected. | 407479 |
| Connection to a remote SSH server running OpenSSH 7.4, or older, through SPS can fail. If the relayed authentication method was set to 'Public key' with 'Agent' selected for an SSH Authentication policy and the target SSH server was running OpenSSH 7.4, 7.3, or 7.2, connecting to the server through SPS could fail. In this case, the following line was written in the log: "Client side public key signature algorithm is unsupported by the server; signature_algo='...'" This issue has been fixed. Public key authentication to remote SSH servers running OpenSSH 7.4, 7.3, or 7.2 now works. | 415489 |
| The network interface order was wrong on the 4000 series appliances, which prevented High Availability configuration from working even with proper cabling. This issue has been corrected. | 424781 |
| There was a legacy RAID status check during the precheck phase, which failed on the 4000 series appliance. The legacy RAID status check is deprecated and a new precheck procedure has been introduced. | 425584 |
Table 2: Resolved Common Vulnerabilities and Exposures (CVE) in release 7.0.3.1 LTS
| Package | CVE IDs |
|---|---|
| cloud-init | CVE-2023-1786 |
| erlang | CVE-2022-37026 |
| freetype | CVE-2023-2004 |
| ipmitool | CVE-2020-5208 |
| ldb | CVE-2023-0614 |
| libwebp | CVE-2023-1999 |
| libxml2 | CVE-2023-28484, CVE-2023-29469 |
| linux | CVE-2022-3108, CVE-2022-3903, CVE-2023-1281, CVE-2023-1829, CVE-2023-26545 |
| openjdk-lts | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968 |
| openssl | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 |
| samba | CVE-2023-0614, CVE-2023-0922 |
| sqlparse | CVE-2023-30608 |
| sudo | CVE-2023-2848, CVE-2023-28486, CVE-2023-28487 |
| vim | CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0413, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980 |