SS&C Blue Prism prides itself on its proactive approach to application security. Protecting our customers, including their data and systems, is paramount as we strive to deliver security excellence.

To further ensure the security of our products, we have been working closely with a leading security research organisation to conduct in-depth testing. During this cooperative engagement, they identified new vulnerabilities. These vulnerabilities can only be exploited under very limited conditions. However, since any security exposure could lead to critical consequences, we urge you to take immediate action.

For the protection of our customers, full details of the vulnerabilities will not be released until we are satisfied adequate protections are available.

Although the potential impact of the vulnerabilities is critical, there is a low probability of successful exploitation due to the need for several complex prerequisites. The ability to exploit these vulnerabilities is extremely restricted once the following Blue Prism Robotic Operating Model (ROM) practices have been implemented:

  • Blue Prism platform components are set up in a logically secured network.
  • Access is limited to approved devices.
    • For example, controllers' devices connecting via RDP (Remote Desktop Protocol) to interactive clients.
  • Inbound and outbound connections are allow-listed where possible.

The Blue Prism Cloud platform was built following security best practice guidelines; therefore, no further action is required for cloud customers. For more information on our approach to cloud security, click here.

Resolving the issue

We have taken immediate steps to mitigate any risks resulting from the vulnerabilities.

We are working on security patches for all versions of SS&C Blue Prism Enterprise starting at version 6.4. The patches are already incorporated into our latest release, version 7.1, which can be downloaded here.

For further support, please see our continuously updated knowledge base article here.
