CA Privileged Access Manager Information Disclosure / Modification

Posted Feb 13, 2019
Authored by Kevin Kotas, Bob Brust | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases.

tags | advisory, remote, web, vulnerability
advisories | CVE-2019-7392
SHA-256 | 9c5a5f6ca2aa8a6ce81a83bde72cb11f97523d34decd86e6c4c47a10af0cb17a


CA20190212-01: Security Notice for CA Privileged Access Manager

Issued: February 12, 2019
Last Updated: February 12, 2019

CA Technologies Support is alerting customers to a potential risk
with CA Privileged Access Manager. A vulnerability exists that can
allow a remote attacker to access sensitive information or modify
configuration. CA published solutions to address the vulnerabilities.

CVE-2019-7392 describes a vulnerability resulting from inadequate
access controls for the components jk-manager and jk-status web
service allowing a remote attacker to access the CA PAM Web-UI
without authentication.

Risk Rating

High

Platform(s)

All platforms

Affected Products

CA Privileged Access Manager 3.2.1 and prior releases
CA Privileged Access Manager 3.1.2 and prior releases
CA Privileged Access Manager 3.0.x

How to determine if the installation is affected

Customers may check the version of the product to determine if they
are running a vulnerable release.

Solution

CA Privileged Access Manager 3.2.1 and prior releases:
Update to CA Privileged Access Manager 3.2.2 or later

CA Privileged Access Manager 3.1.2 and prior releases:
Update to CA Privileged Access Manager 3.1.3 or later

CA Privileged Access Manager 3.0.x:
Contact CA support for guidance
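
Added example, not part of CA's advisory: a version triage for an
appliance inventory using the affected and fixed releases listed above.
The names parse_version and triage, the per-branch reading of "and prior
releases", and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed release per branch, from the advisory's Solution section.
# None means no fixed release is given (3.0.x: contact CA support).
FIXED = {(3, 2): (3, 2, 2), (3, 1): (3, 1, 3), (3, 0): None}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '3.2.1' or '3.1'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-+].*)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(version_text):
    """Classify one version against CA20190212-01 (CVE-2019-7392)."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch > (3, 2):
        # The advisory's fix is "3.2.2 or later"; newer branches are later.
        return "fixed", "later than 3.2.2, which the advisory lists as fixed"
    if branch not in FIXED:
        # Only 3.0.x, 3.1.x and 3.2.x are named explicitly.
        return "not-listed", "branch not named in the advisory; review manually"
    fixed = FIXED[branch]
    if fixed is None:
        return "affected", "contact CA support for guidance"
    if v < fixed:
        return "affected", "update to %d.%d.%d or later" % fixed
    return "fixed", "no action required for CVE-2019-7392"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample data.
    inventory = {"pam-a": "3.2.1", "pam-b": "3.2.2", "pam-c": "3.1.0",
                 "pam-d": "3.0.4", "pam-e": "2.8.1"}
    for host, ver in sorted(inventory.items()):
        status, action = triage(ver)
        print(f"{host:6} {ver:8} {status:10} {action}")
```

A "not-listed" result means the advisory does not name that branch, so
it is left for manual review rather than treated as unaffected.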

References

CVE-2019-7392 - CA Privileged Access Manager jk-manager and jk-status
access

Acknowledgement

CVE-2019-7392 - Bob Brust

Change History

Version 1.0: 2019-02-12 - Initial Release

CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications.

Customers who require additional information about this notice may
contact CA Technologies Support at http://support.ca.com/.

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com.

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.
