Fix Readme
Abstract
The release contains remediation for the critical vulnerability in Privilege Vault SOAP API that could allow an attacker to bypass authentication.
Content
Download
| Download | Release Date | Size | Download Options |
|---|---|---|---|
| 11.6-ISV-PV-11.6.000026.zip | 16-April-2024 | 1.33 GB | FixCentral |
The REST API was not impacted. The Privilege Vault cloud is patched and no longer vulnerable. Additionally, the patches for prior versions with the same fix gets released as testing is completed.
Remediation
- If your Privilege Vault instance is exposed to the public internet, you are at significant risk. Contact the support team to guide your team through the remediation steps and answer any questions from you or your team.
- As a precautionary measure rotate your passwords often until mitigation is in place.
- As soon as the patch is available, patch all systems.
Step Upgrade Process
- A Step Upgrade is required from versions prior to 11.5.2 (11.5.000002) before you can upgrade to 11.6.000026.
- The automatic downloads in the product will get the right versions for the step upgrade and then allow the 11.6.000026 upgrade.
- If offline and using the file upload method, versions prior to 11.5.2 will get an error message saying, "Integrity Check failed - Security Catalog is signed by thumbprint that is not specifically trusted." The remedy is to first upgrade to 11.5.000002(or 11.5.000003) and then do the upgrade to 11.6.000026.
If you are on an older version of Privilege Vault and you cannot upgrade to the latest version, please contact our support team for assistance and guidance.
For more information about installation, upgrading to the latest release, refer to the following topic:
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS2N2U","label":"IBM Security Verify Privilege"},"ARM Category":[{"code":"a8m3p000000UoHvAAK","label":"Troubleshooting"}],"Platform":[{"code":"PF017","label":"Mac OS"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
16 April 2024
UID
ibm17148305