Identity Cloud customers
If you have integrated Identity Cloud with Web Agents, you should secure your Web Agents as recommended in this security advisory.
July 8, 2021
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.7.0, 5.8.0, 5.8.1 and 5.8.2, and could be present in older unsupported versions.
The maximum severity of issues in this advisory is High.
The advice is to upgrade. In some cases, a workaround is given which may be suitable, but an upgrade to the latest version is the recommended approach.
Details about these vulnerabilities are deliberately kept to a minimum to protect your deployments and prevent someone trying to exploit them in the field. Please do not ask for steps to reproduce for the same reasons.
| Affected versions | Web Agent 5.7.0, 5.8.0, 5.8.1 and 5.8.2 |
You can secure your Agents using one of the following two options:
- Add a proxy rule to redirect traffic from the agent logout endpoint(s) to <AM URL>/UI/Logout.
- Disable the agent logout by removing either the Agent Logout URL Regular Expression or the Logout URL List entry for the agent logout URL. See AM Services Properties for further information.
Upgrade to a fixed version.
The following table tracks changes to the security advisory:
| July 8, 2021 | Initial release |