CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk with CA Identity Governance. A vulnerability exists that can potentially allow a malicious actor to conduct cross-site scripting attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input validation that can result in a stored cross-site scripting vulnerability. The vulnerability can allow an authenticated remote attacker to display HTML or execute script in the context of another user.

Risk Rating

Medium

Platform(s)

All Server Environments where CA Identity Governance can be deployed. Please refer to the Platform Support Matrix in the product documentation at https://docops.ca.com

Affected Products

CA Identity Governance 12.6

Note: CA Identity Governance (formerly GovernanceMinder) releases prior to 12.6 are no longer supported

Unaffected Products

CA Identity Governance 14.0, 14.1

How to determine if the installation is affected

Use the web interface to determine the version and check the version against the affected products list.

Solution

CA Identity Governance 12.6.5:
Update to CA Identity Governance 12.6.5 CR1 CP3 - RS98844

CA Identity Governance releases previous to 12.6.5:
Open a support ticket to request a hotfix

References

CVE-2017-9394 - CA Identity Governance stored XSS

Acknowledgement

CVE-2017-9394 - Jake Miller of Blue Canopy - A Jacobs company

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please report your findings to CA Technologies Product Vulnerability Response at vuln@ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY 10022. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.