search cancel

Do Apache Struts (CVE-2018-11776) and GhostScript vulnerabilities affect PAM?

book

Article ID: 112322

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

Apache STRUTS (CVE-2018-11776) is an open-source web application framework for developing Java EE web applications. GhostScript is an “interpreter,” which is a program that converts programming languages into machine code that is understood by the computer, and executes the code. This feature is used in software suites to enable editing or viewing of documents, such as PDF or PostScript files.

Are CA PAM versions 2.8.4.1 and 3.2 vulnerable to Apache STRUTS (CVE-2018-11776) and the GhostScript vulnerability? 

Environment

PAM 2.8 and 3.2

Resolution

PAM does not use STRUTS and is thus not affected, and also PAM is not impacted by the ghostscript vulnerabilities. - confirmed by CA Vulnerabilities Response Team.