Problem
A vulnerability within the TPAM product has been identified. This vulnerability is caused by an inadequate parameter validation on a small number of seldom used input fields.
How does this affect TPAM?
This could allow a highly-privileged authenticated user to gain limited access to the underlying system software via a specially crafted value added to these seldom used fields. This impacts versions 2.5.904 - 2.5.915 of TPAM.
Resolution
This vulnerability has been resolved in TPAM 2.5.916 therefore it is suggested that customer upgrade to this latest version.
For those customers not able to upgrade to 2.5.916 at this time we strongly recommend applying hotfix 7851 immediately. This hotfix resolves the previously mentioned vulnerability and also adds additional layers of security to prevent such an attack in the future.
The upgrade can be download from the Support customer portal.
The hotfix can be downloaded from the TPAM customer portal.
For additional information regarding the 2.5.916 release please review the product release notes located here.
Questions or comments
If you have any questions or comments, please Contact Support. If you have a technical issue, please log a Service Request.
Thank You,
One Identity
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
