1. Select only the "Kerberos" option as the authentication protocol in the Active Directory authentication server configuration on the PCS or PPS. A restart of services is required for this configuration change to take effect.
(OR)
2. Use strong authorization rules (role mapping rules) to reduce the impact/risk of this vulnerability. The vulnerability can be exploited to bypass only the authentication step of the login flow; the authorization process will still be executed and may successfully restrict access to any resources. Some examples of strong authorization rules include role mapping based on group membership or role mapping based on specific attributes.
Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other bulletins (JSA10414 and JSA10415). This enables customers to upgrade once and have all issues resolved with the upgrade.