Delphix domain users and system users may use the SFTP service to access the Delphix Engine. When using this service, authenticated users may download system and data files that they would not otherwise be permitted to access, possibly compromising confidentiality of end-user data stored on the Delphix Engine.
Delphix domain users and system users could use the same mechanism to upload new files to the appliance that may interfere with normal operation of the appliance. However, uploading of new files cannot lead to the compromise of end-user data integrity.
The issue occurs in the following Delphix Releases:
- Delphix Engine 18.104.22.168 and Delphix Engine 22.214.171.124
- Delphix Engine 126.96.36.199, Delphix Engine 188.8.131.52, Delphix Engine 184.108.40.206, and Delphix 220.127.116.11
- Delphix Engine 18.104.22.168 and Delphix Engine 22.214.171.124
- Delphix Engine 126.96.36.199 and Delphix Engine 188.8.131.52
- Delphix Engine 184.108.40.206 and Delphix Engine 220.127.116.11
- Delphix Engine 18.104.22.168
- Delphix Engine 22.214.171.124, and Delphix Engine 126.96.36.199
- Delphix Engine 188.8.131.52
The impact of the issue may be mitigated by disabling one or more Delphix user accounts and/or changing the password on existing accounts. The issue cannot be exploited by persons other than those with valid credentials to access the Delphix Engine.
The issue is addressed in Delphix Engine 184.108.40.206, Delphix Engine 220.127.116.11, and later releases.