Security Bulletin: 2 (AMPS 2016-11-07)
Summary: 60East has become aware of a security vulnerability in AMPS. This vulnerability affects publish entitlement filters in the AMPS server. For non-SOW topics or SOW topics that use explicit keys, when no subscribers use content filters and the topics are not replicated with a content filter, AMPS could skip parsing messages before applying the publish entitlement filter. This resulted in every field of the message being evaluated as NULL for the publish entitlement filter. Topics that do not meet the list of conditions above are not affected. Subscribe entitlement filters are not affected.
Recommended Action: If you are using publish entitlement filters that reference content in the document for non-SOW topics or SOW topics with explicitly provided keys, 60East recommends immediately upgrading to a minimum version of 4.3.2.30 or 5.0.0.30.
Affected Versions:
AMPS 4 prior to AMPS 4.3.2.30
AMPS 5 prior to AMPS 5.0.0.30
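
One way to triage an inventory of AMPS instances against the version thresholds above. This is an added example, not code from 60East or from the bulletin. The host names, the inventory format and the sample version strings are constructed, and the parser assumes a version string starts with dotted numeric components.

```python
import re

# Minimum fixed release per major version, as stated in the bulletin.
FIXED = {4: (4, 3, 2, 30), 5: (5, 0, 0, 30)}

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as ints."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(version_text):
    """Classify a version as 'affected', 'not-affected' or 'not-listed'."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "not-listed"  # the bulletin only names AMPS 4 and AMPS 5
    # Pad short versions with zeros so "5.0" compares as 5.0.0.0.
    padded = v + (0,) * (4 - len(v))
    return "affected" if padded < fixed else "not-affected"

# Constructed sample inventory: "<host> <version>" per line.
INVENTORY = """\
# host        version
amps-prod-01  4.3.2.29
amps-prod-02  4.3.2.30
amps-uat-01   5.0.0.4
amps-uat-02   5.0.0.30
amps-dev-01   5.1.0.2
amps-old-01   3.8.1.7
"""

def triage_inventory(text):
    """Map each host in the inventory to its triage status."""
    results = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, version = line.split()
        results[host] = triage(version)
    return results

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:14} {status}")
```

A host reported as affected still needs the bulletin's conditions checked: the vulnerability only applies where publish entitlement filters reference message content on non-SOW topics or SOW topics with explicit keys.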