3D Secure / Adaptive Authentication eCommerce | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Access Manager | 6.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
Adaptive Authentication Cloud | | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Adaptive Authentication Hosted | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Adaptive Authentication On-Prem | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
Archer Hosted (US) | | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Archer Hosted (EMEA) | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Archer Platform | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
Archer Security Operations Management (SecOps) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
Archer Vulnerability & Risk Manager (VRM) - Hardware Appliance | All Supported | Not Impacted | As a single, root-user-only appliance, the reported issues do not introduce any additional security risk to a customer's environment because a root level user already has full access to all information on the system. Customers should follow the recommended best practices to protect the access of highly privileged accounts. For guidance on updating your RSA Archer VRM Hardware Appliance with the latest OS and BIOS firmware updates, refer to KB article 000036320. | 2018-05-15 |
Archer Vulnerability & Risk Manager (VRM) - Virtual Appliance | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. For guidance on applying OS patches to your RSA Archer VRM Virtual Appliance, refer to KB article 000036184. | 2018-05-15 |
Authentication Manager (Hardware Appliance - Dell PowerEdge & Intel platforms) | All Supported | Not Impacted | It is a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. | 2018-01-10 |
Authentication Manager (Virtual Appliance) | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-10 |
Authentication Manager Web Tier | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
BSAFE C Products: MES, Crypto-C ME, SSL-C | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
BSAFE Java Products: Cert-J, Crypto-J, SSL-J | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
Data Loss Prevention (Hardware Appliance) | 9.6.x, 9.5.x | Impacted - Remediated | Refer to the security advisory DSA-2018-163. | 2018-09-11 |
Data Loss Prevention (Virtual Appliance) | 9.6.x, 9.5.x | Impacted - Remediated | Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. Refer to the security advisory DSA-2018-163 for updating guest operating system to prevent "in-guest" attacks. | 2018-09-11 |
Data Protection Manager (Software) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
Data Protection Manager (Hardware Appliance) | All Supported | Impacted - Remediated | RSA Data Protection Manager 3.5.2.6.1 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-078. | 2018-05-31 |
Data Protection Manager (Virtual Appliance) | All Supported | Impacted - Remediated | Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. RSA Data Protection Manager 3.5.2.6.1 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-078. | 2018-05-31 |
DCS: Certificate Manager | 6.9 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
DCS: Validation Manager | 3.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
eFraudNetwork (eFN) | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
enVision | EOL | | The product has reached End of Life. Please refer to the Product Version Life Cycle for RSA enVision page on RSA Link. | 2018-01-11 |
Federated Identity Manager | 4.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
FraudAction (OTMS) | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Identity Governance and Lifecycle (Software), Via Lifecycle and Governance (Software), Identity Management & Governance (Software) | 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
Identity Governance & Lifecycle (Hardware Appliance), Via Lifecycle & Governance (Hardware Appliance), Identity Management & Governance (Hardware Appliance) | 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | Impacted | Remediation plan is in progress. An appliance updater with OS updates and a security advisory on applying the BIOS fix will be made available (target date: TBD). Any Remote Agents or Remote AFX deployed in customer environment are a software product only and are not impacted. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-24 |
Identity Governance and Lifecycle SaaS / MyAccessLive | | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and are not impacted. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-15 |
NetWitness Endpoint (ECAT) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
NetWitness Logs & Packets / Security Analytics (Hardware Appliance) | All Supported | Not Impacted | As a single, root-user-only appliance, the reported issues do not introduce any additional security risk to a customer's environment because a root level user already has full access to all information on the system. Customers should follow the recommended best practices to protect the access of highly privileged accounts. The BIOS/OS updates will be incorporated to the product release as part of the regular patching process (current target date is February, 2018). | 2018-01-17 |
NetWitness Logs & Packets / Security Analytics (Virtual Appliance) | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-11 |
NetWitness Logs & Packets / Security Analytics - Legacy Windows Collector | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
NetWitness Live Infrastructure | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
RSA Authentication Client (RAC) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
RSA Central | | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
SecurID Access Cloud Service | All Supported | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-15 |
SecurID Access IDR VM | All Supported | Not Impacted | Access to the virtual appliance OS to load external code is restricted to highly privileged accounts only. The reported issues do not introduce any additional security risk to a customer's environment for potential "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-15 |
SecurID Agent for PAM | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Agent for Web | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Agent for Windows | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Authenticate App for Android | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
SecurID Authenticate App for iOS | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
SecurID Authenticate App for Windows 10 | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
SecurID Authentication Engine | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Authentication SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token Converter | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token for Android | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token for Blackberry | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token for Desktop | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token for iPhone | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token for Windows Mobile | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token Toolbar | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Software Token Web SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SecurID Transaction Signing SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
SYN | | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 |
Web Threat Detection | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |