RSS Feed
Posted by Bal√°zs Hadnagy on 2018 January 05 17:46

Dear Customers,

Balabit Privileged Access Management and syslog-ng Store Box products are affected by both vulnerabilities. However, based on the currently available information, the potential impact of the vulnerabilities is very low as both products run only trusted applications supplied by Balabit and besides troubleshooting, no user access is allowed on the box (troubleshooting access already has high - root - privileges). A potential attacker with code execution capabilities would have also very limited gain from exploiting the vulnerabilities as local code execution would have access to most local services anyhow.
As more information becomes available, Balabit will investigate the problem further and release updates with new information if necessary.


Best regards,


BalaBit Support Team