SS&C Blue Prism prides itself on its proactive approach to application security. Protecting our customers – including their data and systems is paramount as we strive to deliver security excellence.
To further ensure the security of our products, we have been working closely with a leading security research organisation to conduct in-depth testing. During this cooperative engagement, they identified new vulnerabilities. These vulnerabilities can only be exploited under very limited conditions. However, since any security exposure could lead to critical consequences, we urge you to take immediate action.
For the protection of our customers, full details of the vulnerabilities will not be released until we are satisfied adequate protections are available.
Although the potential impact of the vulnerabilities is critical, there is a low probability of successful exploitation due to the need for several complex pre-requisites. The ability to exploit these vulnerabilities is extremely restricted once the following Blue Prism Robotic Operating Model (ROM) practices have been implemented:
The Blue Prism Cloud platform was built following security best practice guidelines, therefore, no further action is required for cloud customers. For more information on our approach to cloud security, click here.
We have taken immediate steps to mitigate any risks resulting from the vulnerabilities.
We are working on security patches for all versions of SS&C Blue Prism Enterprise starting at version 6.4. The patches are already incorporated into our latest release, version 7.1, which can be downloaded here.
For further support, please see our continuously updated knowledge base article here.