Delphix

TB098 Arbitrary Code Execution May Be Performed When Configuring Masking Environments

 

 

 

Alert Type

Security

Impact

FIPS 199 Severity Level: 

CVSSv3.1 Base Score: 8.2

Attack Vector (AV): L

Attack Complexity (AC): L

Privileges Required (PR): H

User Interaction (UI): N

Scope (S): C

Confidentiality (C): H

Integrity (I): H

Availability (A): H
 

Under certain conditions, arbitrary code execution may be performed by users with the privilege to configure masking environments within a Continuous Compliance Engine (Masking Engine). Exploitation requires multiple interactive steps by a user with the necessary privileges.

Contributing Factors

This article applies to the following versions of the Continuous Compliance Engine:

Major Release | All Sub Releases
6.0 | 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1, 6.0.11.0, 6.0.12.0, 6.0.12.1, 6.0.13.0, 6.0.13.1
5.3 | 5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0
5.2 | 5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1

Symptoms

Arbitrary code execution.

Relief/Workaround

Customers can apply standard security practices to reduce the likelihood that this vulnerability is abused, including:

  • Limit access to Continuous Compliance Engines (Masking Engines) to authorized personnel

  • Place Continuous Compliance Engines (Masking Engines) on controlled access network segments

Resolution

This issue is resolved in Delphix release 6.0.14.0.

Additional Information

None

Related Documents

None