Security Advisory for Login Enterprise
Login VSI identified a critical vulnerability that allows for unauthenticated access to Login Enterprise.
The vulnerability could be exploited to allow configuration access and remote code execution. The security advisory impacts Login Enterprise versions 4.1.x to 4.9.9. Login VSI has released a patch to resolve the issue in version 4.9.10.
Impacted Software Versions
Login Enterprise 4.1.x - 4.9.9
This is a critical vulnerability; immediate remediation is recommended the expected resolution time is 30 minutes when performing an online upgrade.
Login Enterprise 4.9.x customers, are recommended to perform an online update to version 4.9.10 in case this is not possible a offline update is available.
Earlier versions should be patched to at least version 4.8.10. However, we strongly recommend that customers evaluate a full version upgrade to version 4.9.10.
For updates, please check this knowledge base article regularly.
Upgrading to Login Enterprise 4.9.10
For existing Login Enterprise customers, online upgrades are possible. Customers may upgrade directly within the product. Additional information is available in a Knowledge Article.
For customers that want to upgrade offline, you may download the upgrade ISO file to Login Enterprise 4.9.10 here.
No workaround available.
We appreciate and value having security concerns brought to our attention. Login VSI constantly monitors for both known and unknown threats.
The identified security vulnerability remains if you do not complete all recommended steps. Login VSI is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Login VSI reserves the right to change or update this document at any time. Login VSI expects to update this document as added information becomes available.
2022-09-11: Published advisory
2022-10-11: Announced public availability of 4.9.10 patch release