Istio · CVE-2019-12243
**Name of the Vulnerable Software and Affected Versions**
Istio versions 1.1.x through 1.1.6
**Description**
The vulnerability is an Incorrect Access Control issue. When the `disablePolicyChecks` setting is `false`, inbound TCP connections do not generate Check requests to istio-policy, so external authorization is not applied. The behavior was introduced by a change to the `istio/pilot/pkg/networking/plugin/mixer/mixer.go` file in version 1.1.
**Recommendations**
For Istio versions 1.1.x through 1.1.6, as a temporary workaround, consider setting `disablePolicyChecks` to `true` to ensure that inbound TCP connections generate Check requests to istio-policy and external authorization is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.