Security Bulletin: 3 (AMPS 2017-02-07)

Security Bulletin: 3 (AMPS 2017-02-07)

Summary: 60East has become aware of a security vulnerability in AMPS. This vulnerability affects
sow_delete commands that use a regular expression to indicate the topics to delete from and
specify the record to be deleted by providing the SOW key or message data that matches the
record to be deleted. For these commands, a user could be allowed to delete records even if
that user did not have permission to delete records.

Recommended Action: If your installation uses entitlements to control SOW delete privileges,
60East recommends immediately upgrading to 5.0.0.48.

Affected Versions:

AMPS 5 versions between AMPS 5.0.0.3 and AMPS 5.0.0.47, inclusive.
Regular expression topics were not supported for sow_delete prior to
AMPS 5.0.0.3.