Skip to main content
Delphix

Summary of Fixed Security Issues (KBA8547)

 

KBA

KBA# 8547

 

Description

The following table summarizes security vulnerabilities already fixed by Delphix in current and past releases. The table only contains vulnerabilities with a Common Vulnerability Scoring System (CVSS1) score of 7.0 or higher.  

Bug Number Affected Release(s) Description Doc Link Published

CVSS1 Score

Introduced Resolved
DLPX-78743 see bulletin 6.0.12.0 Log4j Vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2019-17571, CVE-2021-4104) TB095 18 Dec 2021 10.02
DLPX-77921 6.0.8.0 6.0.11.0 Arbitrary Code Execution by Delphix System Administrators may be Performed on Virtualization and Masking Engines TB094 10 Nov 2021 8.7
DLPX-74767 5.2.0.0 6.0.8.0 jQuery version affected by CVE-2020-11023 (cross-site scripting vulnerability) TB092 17 May 2021 7.6
DLPX-74030 5.1.3.1 6.0.7.0 Oracle Database Passwords May Be Exposed in Logs and Process Tools TB089 15 Mar 2021 8.8
DLPX-73969
DLPX-74001
6.0.0.0 6.0.6.1 An Authenticated Delphix User May Be Granted OS-Level Access on Engines Deployed in Azure TB087 2 Feb 2021 8.1
DLPX-73338 5.2.0.0 6.0.6.0 XSS Vulnerability with Masking Environment Overview Page TB086 21 Jan 2021 9.0

DLPX-72809

5.1.3.1 6.0.0.0 libpam Can Cause Buffer Overflow (CVE-2020-27678) TB085 19 Nov 2021 10.0
DLPX-72686 5.0.1.0 6.0.6.0 Leaked Password when using EBS Plugins, HANA Plugins, or ASE Hooks TB084 21 Jan 2021 8.2
DLPX-71432 5.2.0.0 6.0.4.0 Non-privileged user may be able to perform certain actions on the Masking Engine TB083 15 Sep 2020 8.5
DLPX-71014 6.0.1.0 6.0.3.0 Passwordless Login Succeeds to Masking Engine configured for LDAP TB078 3 Aug 2020 10.0
DLPX-70299
DLPX-70370
DLPX-69843
DLPX-69844
DLPX-69889
DLPX-70034
DLPX-69916
DLPX-70029
DLPX-70030
DLPX-70033
DLPX-70035
DLPX-70036
5.2.0.0 6.0.3.0 XSS Vulnerability on the Masking Engine TB077 3 Aug 2020 9.0
DLPX-70089 5.1.2.0 6.0.3.0 Billion Laughs DoS Vulnerability in Virtualization Engine TB080 9 Sep 2020 7.5
DLPX-69237 5.2.0.0 6.0.1.1 XSS Vulnerability on the Masking Mainframe Inventory UI TB073 17 Jul 2020 9.0
DLPX-69238 6.0.1.0 6.0.1.1 Shuffle Algorithm Leaves Data Unmasked But Reports Success When Used With Extended Connectors TB072 17 Jul 2020 8.6
DLPX-68061 5.2.0.0 6.0.0.0
5.3.8.0
XSS Vulnerability on the Masking Rule Set and Inventory Pages TB069 17 Jul 2020 9.0
DLPX-67976 5.3.2.0 6.0.0.0
5.3.8.0
XSS Vulnerability on the Masking Audit Page TB068 17 Jul 2020 9.6
DLPX-69317 5.3.6.0 6.0.0.0
5.3.9.1
XSS Vulnerability on the Pattern in file ruleset is vulnerable to XSS attack TB074 15 Jul 2020 9.0
DLPX-67587
DLPX-67759
5.2.0.0 6.0.1.0 In Certain Specific Situations, Sensitive Information May Be Written to Phone-Home Files TB067 7 Jan 2020 8.4
DLPX-66141 5.2.0.0 5.3.6.0 In Certain Specific Situations, Sensitive Information May Be Written to Log Files TB065 19 Dec 2020 7.7
DLPX-65006
DLPX-65011
DLPX-65093
DLPX-65007
DLPX-65010
DLPX-65040
DLPX-65041
5.2.1.0 5.3.5.0 Sensitive Information May Be Written to Masking Log Files TB063 16 Jul 2019 9.0

1Common Vulnerability Scoring Subsystem (CVSS v3.1, issues published before 2019 scored with CVSS v3.0)

2See related bulletin. There is no actual vulnerability in most Delphix products.

 

Related Documents

Common Vulnerability Scoring System (external web page)

Delphix Knowledge Base : Security Bulletins

Product Lifecycle Policies

 

Major Release All Sub Releases
6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1, 6.0.11.0

5.3

5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0

5.2

5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1

5.1

5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0, 5.1.10.0

5.0

5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1, 5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4