[July 14,2015] Signiant Manager+Agents and Media Exchange Security Advisory
A security vulnerability has recently been identified in the Signiant Manager+Agents and Media Exchange software. This vulnerability can be exploited by sophisticated attackers with knowledge of the system to gain unauthorized access. We are recommending that vulnerable systems be patched as soon as possible as described further below.
Products confirmed vulnerable:Signiant Managers+Agent and Media Exchange version 10.6, 11.0, 11.1, 11.2, 11.3 and 11.4
The risk is significantly reduced for Signiant Managers and Media Exchange webservers that are not accessible via the internet.
Products confirmed not vulnerable:Signiant Manager+Agents and Media Exchange 10.0, 10.1, 10.2, 10.3, 10.4 and 10.5
Signiant Media Shuttle
Software Version and Fixes:The vulnerability has been fixed in the following releases:
- Signiant Manager+Agents 10.6 LA 10 (build 483)
- Signiant Manager+Agents 11.0 LA 5 (build 401)
- Signiant Manager+Agents 11.1 LA 7 (build 332)
- Signiant Manager+Agents 11.2 LA 4 (build 267)
- Signiant Manager+Agents 11.3 LA 4 (build 201)
- Signiant Manager+Agents 11.4 LA 3 (build 128)
We strongly recommend you upgrade the Signiant Manager to one of the above releases as soon as possible. Please ensure you run a successful manager backup before upgrading.
There is no need to upgrade Media Exchange web servers once the manager has been patched.
You can obtain the software through the Signiant Software Portal. If you do not have a login account to the portal, please request one from Signiant Support by emailing firstname.lastname@example.org.
For any questions or concerns, please feel free to contact us.
Thank you for choosing Signiant.