In regards to the Security Vulnerability Alert that OpenText sent out to eDOCS DM customers on March 10, 2015, it appears the security vulnerability only affects eDOCS systems with Auto Login enabled. Details of the latest update from OpenText can be found below.
With this updated information, if Auto Login is enabled and used within your environment, disabling the feature will affect your SeeUnity Web Part Solutions. If Auto Login is not being used with eDOCS, SeeUnity Solutions will not be affected and no course of action is required.
If you disable Auto Login within eDOCS then Single Sign On (SSO) needs to be configured within your SeeUnity solution.
Additionally, if you choose to follow the recommendations in the Security Vulnerability Alert and disable SQL Passthrough then some action may be required.
In order for your SeeUnity Solution to work with SQL Passthrough disabled, you must have the following within your environment:
- eDOCS DM must be at least 5.3.1 Patch 5
- SeeUnity Version 5 R3 or R4. If your SeeUnity Software is Version 5 R3, then the following patches need to be applied
- eDOCS Privileged Logon Support (All Platforms) – 070913_V5R3-014 – This patch added support for the privileged logon which uses an app key provided by OpenText to allow SQL pass-through.
- eDOCS Privileged Auto-Logon (SP 2010) – 120213_V5R3-038 – This patch added support for the privileged auto-logon which uses an app key provided by OpenText to allow sql passthrough. Once this patch has been applied, then auto-logon will only work if you’re using DM 5.31 patch 5 or higher
Posted on: March 11, 2015