Customer Advisory Voltage Simple API 5.30 and z/Protect 8.1.x

Document ID:KM03582153
Creation Date:21-Jan-2020
Modified Date:21-Jan-2020
- Micro Focus Products:
  data security

Summary

Simple API 5.30 and z/Protect 8.1.x and FPE2 Data Protection Types

Reference

Customer Advisory - November 6, 2019

Title:	Simple API 5.30 and z/Protect 8.1.x and FPE2 Data Protection Types
Summary:	Simple API 5.30 and z/Protect 8.1.x allow unsupported use of FPE2 and FPH for formats other than Variable Length Strings.
Risk: Low	Likelihood of occurrence: Low Severity of impact: Low
Problem:	Simple API 5.30 and z/Protect 8.1.x in conjunction with SecureData Appliance 6.9 inadvertently exposes support for Format-Preserving Encryption 2 (FPE2) and Format-Preserving Hash (FPH) data protection algorithms for formats beyond variable length strings (VLS), often referred to as “Hyper-VLS”. These combinations of data protection type and data format are only officially supported with Simple API 6.0 but are not actively blocked by Simple API 5.30 or z/Protect 8.1.x. Production applications that implement FPE2 and FPH outside of VLS should only be deployed with Simple API 6.0 or an upcoming version of z/Protect.
Discovery:	Internal
Cause:	A bug in feature versioning logic allows implementation unsupported features.
Impact:	Unsupported combinations of data protection type and data format are not blocked by Simple API 5.30 or z/Protect 8.1.x in conjunction with SecureData 6.9 and could be implemented in client application code using these releases.
Solution:	Additional FPE2 and FPH data protection types with credit card, social security number, date, number, and SFS formats should be implemented and deployed with Simple API 6.0 client applications or an upcoming version of z/Protect.
Workaround:	N/A
Recommendation:	For client applications requiring FPE2/FPH and formats beyond VLS, implement and deploy solutions built with Simple API 6.0 or an upcoming version of z/Protect. See the Simple API 6.0 release notes, and the SecureData Appliance 6.9 release notes for discussion of this new functionality.
Products Affected:	Simple API 5.30 and z/Protect 8.1.x
Obtaining Support:	If you require technical assistance with this issue, please contact Micro Focus Voltage Customer Support (Phone) https://mysupport.microfocus.com/web/softwaresupport/document/-/facetsearch/document/KM00006 (Chat) https://mysupport.microfocus.com/web/softwaresupport/chat-language-selection (MySupport Web Portal) https://mysupport.microfocus.com/ (Internet) https://www.microfocus.com/support-and-services/contact-support/
Date:	November 4, 2019
Document ID:	MF-VOLT-CA-201904

© Micro Focus. Please see Terms of Use applicable to this content.