지금 지원 담당자와 채팅
지원 담당자와 채팅
셀프 서비스 도구
지식 기반
내 계정
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
지원 핵심 사항
수상 및 기념 인사
시작하기
라이센스 계약
지원 설명서

Active Roles 제품 알림

반품
Critical Alerts
Critical Notification

Active Roles 7.4.x and 7.5.x

 

A security vulnerability was discovered in one of the authentication components that may be used when logging into the Active Roles Web Interface. This vulnerability could allow an attacker to gain unauthorized access. 

How does this affect me?

If you have installed and configured the Redistributable STS component by following the section located in Appendix E of the Active Roles Administration Guide (versions 7.4.x and 7.5) and your users authenticate against an identity provider STS such as Microsoft ADFS, Microsoft Azure AD, Okta, or Ping Federate you may be affected by this security vulnerability.

Resolution 

A security fix has been released for Active Roles 7.4.x and 7.5. if you have installed and configured the Redistribute STS component as described above, we recommend this patch be applied. 

If you have not installed the Redistributable STS and are using the default IIS Windows authentication to log into the Active Roles Web Interface, you would not be affected.

Status

A hotfix for Active Roles versions 7.4.x and 7.5 is now available. Please review KB 337963 for further details on this issue. 

We apologize for the inconvenience this issue may have caused.