One Identity Safeguard for Privileged Sessions 7.0.3 LTS
One Identity Safeguard for Privileged Sessions 7.0.3 LTS
Release Notes
23 May 2023, 13:02
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
Topics:
One Identity Safeguard for Privileged Sessions Version 7.0.3 LTS is a maintenance release with known issues. For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
-
One-stop solution for all privileged access management needs
-
Easy to deploy and integrate
-
Unparalleled depth of recording
-
Comprehensive risk analysis of entitlements and activities
-
Thorough Governance for privileged account
The suite includes the following modules:
- One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
-
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
-
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
The following is a list of issues addressed in this release.
Table 1: General resolved issues in release 7.0.3 LTS
Typo on connection wizard page.
In the Connection created page of Connection Wizard, the SPS address was missing. This has been corrected. |
340527 |
Screenshot generation permission error notification is too eager to appear.
If a user with read permission tried to view an already generated screenshot, SPS displayed a screenshot generation error. This issue has been corrected, and now the screenshot generation permission error is displayed only if the user who wants to generate a screenshot does not have read and write permission in the search access control list. |
340529 |
Login Options LDAP servers: Missing validator for the same addresses.
A validator has been added for the address list of the LDAP servers, to prevent the users from saving the list if there are multiple addresses with the same hostname and port. The address list must contain unique value pairs. |
340563 |
License problem not apparent on side bar.
In the About menu, the warning icons were not displayed when the extendable panels were closed. This has been corrected, and now, if there are warnings, the warning icons are displayed even if the expandable panels are closed. |
340598 |
Too many configuration elements can cause reference_id error on the UI.
Committing extremely large configuration changes on the web GUI could fail with the error "Form reference id received does not match stored value". This has been fixed and now such extremely large configuration changes are possible within a single commit. Also, the error message has been reworded to better describe the error condition and its possible resolutions. |
403615 |
The permitted redirect devices in the RDP channel policy were not saved in the configuration during the commit. This issue has been corrected. |
406786 |
The RAID status is not displayed after the installation
Previously, at the end of the installation of Safeguard 4000, the RAID sync status was not displayed. This issue has been corrected. |
407479 |
Connection to a remote SSH server running OpenSSH 7.4, or older, through SPS can fail.
If the relayed authentication method was set to 'Public key' with 'Agent' selected for an SSH Authentication policy and the target SSH server was running OpenSSH 7.4, 7.3, or 7.2, connecting to the server through SPS could fail.
In this case, the following line was written in the log: "Client side public key signature algorithm is unsupported by the server; signature_algo='...'"
This issue has been fixed. Public key authentication to remote SSH servers running OpenSSH 7.4, 7.3, or 7.2 now works. |
415489 |
Table 2: Resolved Common Vulnerabilities and Exposures (CVE) in release 7.0.3 LTS
cloud-init: |
CVE-2023-1786 |
erlang: |
CVE-2022-37026 |
freetype: |
CVE-2023-2004 |
ipmitool: |
CVE-2020-5208 |
ldb: |
CVE-2023-0614 |
libwebp: |
CVE-2023-1999 |
libxml2: |
CVE-2023-28484 |
|
CVE-2023-29469 |
linux: |
CVE-2022-3108 |
|
CVE-2022-3903 |
|
CVE-2023-1281 |
|
CVE-2023-1829 |
|
CVE-2023-26545 |
openjdk-lts: |
CVE-2023-21930 |
|
CVE-2023-21937 |
|
CVE-2023-21938 |
|
CVE-2023-21939 |
|
CVE-2023-21954 |
|
CVE-2023-21967 |
|
CVE-2023-21968 |
openssl: |
CVE-2023-0464 |
|
CVE-2023-0465 |
|
CVE-2023-0466 |
samba: |
CVE-2023-0614 |
|
CVE-2023-0922 |
sqlparse: |
CVE-2023-30608 |
sudo: |
CVE-2023-2848 |
|
CVE-2023-28486 |
|
CVE-2023-28487 |
vim: |
CVE-2021-4166 |
|
CVE-2021-4192 |
|
CVE-2021-4193 |
|
CVE-2022-0213 |
|
CVE-2022-0261 |
|
CVE-2022-0318 |
|
CVE-2022-0319 |
|
CVE-2022-0351 |
|
CVE-2022-0359 |
|
CVE-2022-0361 |
|
CVE-2022-0368 |
|
CVE-2022-0408 |
|
CVE-2022-0413 |
|
CVE-2022-0443 |
|
CVE-2022-0554 |
|
CVE-2022-0572 |
|
CVE-2022-0629 |
|
CVE-2022-0685 |
|
CVE-2022-0714 |
|
CVE-2022-0729 |
|
CVE-2022-1629 |
|
CVE-2022-1674 |
|
CVE-2022-1720 |
|
CVE-2022-1733 |
|
CVE-2022-1735 |
|
CVE-2022-1785 |
|
CVE-2022-1796 |
|
CVE-2022-1851 |
|
CVE-2022-1898 |
|
CVE-2022-1927 |
|
CVE-2022-1942 |
|
CVE-2022-1968 |
|
CVE-2022-2124 |
|
CVE-2022-2125 |
|
CVE-2022-2126 |
|
CVE-2022-2129 |
|
CVE-2022-2175 |
|
CVE-2022-2183 |
|
CVE-2022-2206 |
|
CVE-2022-2207 |
|
CVE-2022-2304 |
|
CVE-2022-2344 |
|
CVE-2022-2345 |
|
CVE-2022-2571 |
|
CVE-2022-2581 |
|
CVE-2022-2845 |
|
CVE-2022-2849 |
|
CVE-2022-2923 |
|
CVE-2022-2946 |
|
CVE-2022-2980 |