
Security Vulnerability Notification – SS&C Blue Prism Enterprise

MelanieGiuliani
Community Team (Retired)

SS&C Blue Prism prides itself on its proactive approach to application security. Protecting our customers, including their data and systems, is paramount as we strive to deliver security excellence.

To further ensure the security of our products, we have been working closely with a leading security research organisation to conduct in-depth testing. During this cooperative engagement, they identified new vulnerabilities. These vulnerabilities can only be exploited under very limited conditions. However, since any security exposure could lead to critical consequences, we urge you to take immediate action.

For the protection of our customers, full details of the vulnerabilities will not be released until we are satisfied adequate protections are available.

Although the potential impact of the vulnerabilities is critical, there is a low probability of successful exploitation due to the need for several complex pre-requisites. The ability to exploit these vulnerabilities is extremely restricted once the following Blue Prism Robotic Operating Model (ROM) practices have been implemented:

  • Blue Prism platform components are set up in a logically secured network.
  • Access is limited to approved devices.
    • For example, controllers' devices connecting via RDP (Remote Desktop Protocol) to interactive clients.
  • Ensuring inbound and outbound connections are allow-listed where possible.

The Blue Prism Cloud platform was built following security best practice guidelines; therefore, no further action is required for cloud customers. For more information on our approach to cloud security, click here.


Resolving the issue

We have taken immediate steps to mitigate any risks resulting from the vulnerabilities.

We are working on security patches for all versions of SS&C Blue Prism Enterprise starting at version 6.4. The patches are already incorporated into our latest release, version 7.1, which can be downloaded here.

For further support, please see our continuously updated knowledge base article here.



------------------------------
Melanie Giuliani
Online Community Manager
Blue Prism
------------------------------

Sheela
Level 6
Hi @Melanie Giuliani

Thank you for the notification.
Could you please let me know where I can find the security patch for V6.10.2?

Regards,
Sheela


------------------------------
Sheela Parthasarathy
Assistant Vice President
Deutsche Bank Group
Pacific/Apia
------------------------------

MelanieGiuliani
Community Team (Retired)
Hi @Sheela Parthasarathy,

The resolutions for reported CyberArk issues are provided in 6.10.5, and that is our release for all customers on the 6.10 series. We are not going to be issuing any versions specific to previous patch versions (i.e. 6.10.2 + CyberArk fixes).

Thank you,
Melanie

------------------------------
Melanie Giuliani
Online Community Manager
Blue Prism
------------------------------