Access Anywhere Security Advisory

First published on June 26, 2020

Introduction

Access Anywhere™ uses open-source caching software to improve performance. We have become aware of a setting in the caching software that is provided as part of Access Anywhere versions 1906.06 and 1906.07 that could, dependent on specific deployment topologies, present a security risk.

Although the chances of this occurring are small, we have created a minor update for Access Anywhere to prevent it. All customers running either of the affected versions should apply the update.

Applying the Update

This update will take around ten minutes. Users should not use the system wile the update is being carried out.

To apply the update, ssh in to Access Anywhere host and su to root. Then execute each of these commands:

yum update sme-containers-redis
cd /var/www/smestorage/containers/redis/
docker-compose down --rmi all
docker-compose up -d

If you have a multi-node Access Anywhere installation, perform these steps on each node.

Please feel free to contact us at support@nasuni.com if you have any questions about this update.