Security Bulletin: 4 (AMPS 2018-07-31)


Security Bulletin: 4 (AMPS 2018-07-31)

Summary: 60East has become aware of a security vulnerability in AMPS. This vulnerability occurs
in sow query commands (including the sow portion of sow_and_subscribe), sow_delete commands,
and queue subscriptions when those commands use a regular expression to specify the topics
to operate on. For these commands, a user could be allowed to retrieve or delete messages
even if an entitlement filter is in place that should prevent the user from reading or
deleting the messages. Topic-level access is unaffected, this bulletin applies
only to entitlement filters.

Recommended Action: If your installation uses entitlement filters to enforce content restrictions
to queues or topics in the State-of-the-World, 60East recommends immediately upgrading to,, and

Affected Versions:

AMPS versions before AMPS,, and Notice that
regular expression topics were not supported for sow_delete prior to

Have more questions? Submit a request


Powered by Zendesk