RSA Product Name | Versions | Impacted? | Details | Last Updated |
---|---|---|---|---|
3D Secure / Adaptive Authentication eCommerce | All Supported | Investigating | 4/12/2016 | |
Access Manager | All Supported | Not Impacted | 4/22/2016 | |
Adaptive Authentication Hosted | All Supported | Investigating | 4/12/2016 | |
Adaptive Authentication On-Prem | All Supported | Not Impacted | 4/19/2016 | |
Archer Hosted | N/A | Not impacted | 4/12/2016 | |
Archer Platform | All Supported | Not Impacted | 4/12/2016 | |
Archer SecOps | All Supported | Not Impacted | Archer SecOps solution integrates with Security Analytics; follow guidelines provided for Security Analytics. | 4/18/2016 |
Archer Vulnerability & Risk Manager (VRM) | All Supported | Not Impacted | Archer VRM solution integrates with Security Analytics; follow guidelines provided for Security Analytics. | 4/18/2016 |
Authentication Manager Software Platform | All Supported | Not Impacted | 4/13/2016 | |
Authentication Manager Appliance | All Supported | Not Impacted | 4/13/2016 | |
BSAFE C Products: MES, Crypto-C ME, SSL-C | All Supported | Not Impacted | 4/22/2016 | |
BSAFE Java Products: Cert-J, Crypto-J, SSL-J | All Supported | Not Impacted | 4/22/2016 | |
Data Loss Prevention | 9.6 | Not Impacted | 4/19/2016 | |
Data Protection Manager | All Supported | Not Impacted | 4/22/2016 | |
DCS: Certificate Manager | All Supported | Not Impacted | 4/12/2016 | |
DCS: Validation Manager | All Supported | Not Impacted | 4/12/2016 | |
ECAT | All Supported | Not Impacted | Product relies on underlying OS to provide support for affected protocols. Follow OS vendor guidelines to patch underlying host. | 4/18/2016 |
eFraudNetwork (eFN) | All Supported | Impacted | Service utilizes Windows based servers. Servers will be patched during next regular cycle. | 4/25/2016 |
Federated Identity Manager | All Supported | Not Impacted | 4/25/2016 | |
FraudAction (OTMS) | All Supported | Impacted | Service utilizes Windows based servers. Servers will be patched during next regular cycle. | 4/25/2016 |
RSA Central | All Supported | Not Impacted | 4/25/2016 | |
RSA Live Infrastructure | All Supported | Not Impacted | 4/25/2016 | |
SecurID Agent for PAM | All Supported | Not Impacted | 4/13/2016 | |
SecurID Agent for Web | All Supported | Not Impacted | 4/13/2016 | |
SecurID Agent for Windows | All Supported | Not Impacted | 4/13/2016 | |
SecurID Authentication Engine | All Supported | Not Impacted | 4/13/2016 | |
SecurID Authentication SDK | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token Converter | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token for Android | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token for Blackberry | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token for Desktop | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token for iPhone | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token for Windows Mobile | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token Toolbar | All Supported | Not Impacted | 4/13/2016 | |
SecurID Software Token Web SDK | All Supported | Not Impacted | 4/13/2016 | |
SecurID Transaction Signing SDK | All Supported | Not Impacted | 4/13/2016 | |
Security Analytics (Physical and Virtual Appliances) | All Supported | Impacted | Only Malware Analysis (MA) component of Security Analytics is impacted. A workaround is to toggle off SAMBA and use FTP or NONE for File Sharing Protocol (see MA Config Guide). This issue is fixed in SA 10.6.0.2 (see ESA-2016-058), and will be fixed in SA 10.5.2.1 / 10.4.1.6 / 10.3 hotfix (target date not available). | 6/2/2016 |
Via Access IDR VM | All Supported | Not Impacted | 4/13/2016 | |
Via Access Cloud Service | All Supported | Not Impacted | 4/13/2016 | |
Via Lifecycle and Governance Software (Identity Management & Governance Software) | All Supported | Not Impacted | Samba/CIFS is not used by Via L&G. Follow OS vendor guidelines to patch underlying host. | 4/18/2016 |
Via Lifecycle and Governance Appliance (Identity Management & Governance Appliance) | All Supported | Not Impacted | Samba/CIFS is not used by Via L&G. The underlying O/S is affected; a fix is provided in Appliance Updater Q2-2016 Release. | 7/28/2016 |
Via Lifecycle and Governance SaaS | All Supported | Not Impacted | Samba/CIFS is not used by Via L&G. The underlying O/S is affected; a patch will be applied in the next maintenance window (ETA not available). | 4/18/2016 |
Web Threat Detection | All Supported | Not Impacted | 4/22/2016 |
Disclaimer Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC distributes RSA Security Advisories, in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. |