Please review the Critical Product Notification for 7851.
Please note: Customers who have upgraded to 2.5.916 or applied Hotfix 7851 are also required to apply Hotfix 8565.
More information can be found on Hotfix 8565 by clicking here.
This vulnerability has been resolved in TPAM 2.5.916, so it is suggested that customers upgrade to this latest version. The upgrade can be downloaded from the Support Portal.
For those customers not able to upgrade to 2.5.916 at this time, we strongly recommend applying Hotfix 7851 and Hotfix 8565 immediately. This hotfix resolves the previously mentioned vulnerability and also adds additional layers of security to prevent such an attack in the future.
Please download TPAM Hotfix 7851 for KB 210222 by clicking here.
Resolved issues
The following is a list of issues resolved in this hotfix.
Issues resolved in hotfix 7851:
Resolved Issue | Issue ID |
Vulnerability caused by inadequate parameter validation on a small number of seldom used input fields. | 7851 |
Applicability of this hotfix
Products affected by this hotfix:
Product Name | Version |
TPAM | 2.5.904 - 2.5.915 |
Installing this hotfix
To install the hotfix:
1. Take a backup of the TPAM appliance.
2. Copy the supplied .zip file to your local computer.
3. Log in to the TPAM /admin interface.
4. Select Maint | Apply a Patch from the menu.
5. Click the Select File button.
6. Click the Browse button. Select the patch file that you saved locally.
7. Click the Upload button.
8. Type X9trFVmp9R in the Key box.
9. Type /genkey in the Options box.
10. By default, if you are applying a patch to a primary member of a cluster, the replicas in the cluster will be listed and highlighted in the Target Replicas list. If a replica is deselected, the patch will not be applied to it. The replica can be patched at a later date by logging on directly to the /admin interface of the replica. If the software version numbers (excluding the build number) of the primary and the replica still match, then the primary will still be able to send data to the replica. We recommend that you contact Technical Support before deciding to deselect any of the replicas on this list.
11. Click the Apply Patch button.
Verifying successful installation
To determine if this hotfix is installed:
1. Click the Patch Log tab.
2. To set the log refresh interval, select Refresh Results every X seconds.
3. Once the hotfix has been applied, there will be a message in the patch log stating “Patch successfully applied to system”.
Removing this hotfix
To remove this hotfix:
1. To remove this hotfix, the TPAM appliance can be restored using the backup taken prior to applying the hotfix. We recommend discussing this with Technical Support prior to completing the restore.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.