Security Bulletin: 4 (AMPS 2018-07-31)
Summary: 60East has become aware of a security vulnerability in AMPS. This vulnerability occurs
in sow query commands (including the sow portion of sow_and_subscribe), sow_delete commands,
and queue subscriptions when those commands use a regular expression to specify the topics
to operate on. For these commands, a user could be allowed to retrieve or delete messages
even if an entitlement filter is in place that should prevent the user from reading or
deleting the messages. Topic-level access is unaffected; this bulletin applies
only to entitlement filters.
Recommended Action: If your installation uses entitlement filters to enforce content restrictions
on queues or topics in the State-of-the-World, 60East recommends immediately upgrading to
5.2.2.35, 5.2.0.201, and 5.0.0.151.
Affected Versions:
AMPS versions before AMPS 5.2.2.35, 5.2.0.201, and 5.0.0.151. Note that
regular expression topics were not supported for sow_delete prior to
AMPS 5.0.0.3.