Change Download Preference


{{errorInSavingPref}}
Current Preference
{{dwnldPreference}}
Change Preference to:

CA20190212-01: Security Notice for CA Privileged Access Manager

Issued: February 12, 2019
Last Updated: February 20, 2019
 
CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities.
 
CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication
 
Risk Rating
 
High
 
Platform(s)

All platforms
 
Affected Products
 
CA Privileged Access Manager 3.2.1 and prior releases
CA Privileged Access Manager 3.1.2 and prior releases
CA Privileged Access Manager 3.0.x
 
How to determine if the installation is affected
 
Customers may check the version of the product to determine if they are running a vulnerable release.
 
Solution

Updates are available on the CA Privileged Access Manager Solutions & Patches page.

CA Privileged Access Manager 3.2.1 and prior releases:
Update to CA Privileged Access Manager 3.2.2 or later
 
CA Privileged Access Manager 3.1.2 and prior releases:
Update to CA Privileged Access Manager 3.1.3 or later
 
CA Privileged Access Manager 3.0.x:
Contact CA support for guidance
 
References
 
CVE-2019-7392 - CA Privileged Access Manager jk-manager and jk-status access
 
Acknowledgement
 
CVE-2019-7392 - Bob Brust
 
Change History

Version 1.0: 2019-02-12 Initial Release

Version 2.0: 2019-02-20 - Added direct link to solution download page 

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
 
Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.
 
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.
 
Copyright © 2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.