Verify Privilege Vault: 10.9.000002 Release Notes
September 22, 2020
The system requirements last changed with version 10.7.000000. See Verify Privilege Vault Release Notes 10.7.000000 for details.
Upgrade Notes
IBM Security encourages all customers to upgrade at the earliest opportunity.
Security
Security update to resolve a SQL injection vulnerability that an authenticated administrative user could exploit to achieve remote code execution on the Verify Privilege Vault host system.
Common Vulnerability Scoring System (CVSS) v3.1 score: 8.0 (High).
CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Verify Privilege Vault Cloud has been updated to include this security fix.
New Features and Enhancements
None
Bug Fixes
The following bug fixes apply to non-cloud Verify Privilege Vault only. Verify Privilege Vault Cloud has not been updated to include these fixes.
- Fix to Discovery rules to correctly handle OUs with bracketed names.
- Secret names in reports are now links to the corresponding secret.
- Logout from Verify Privilege Vault no longer sends the
Clear-Site-Data
header, which could previously log users out of unrelated Web applications. - SSH connections via SSH proxy now close correctly.
- Fixed an SSH proxy connection timeout when connecting via a distributed engine.