Is CA PAM 3.2.3 affected by recently-discovered zero-day Oracle Weblogic Vulnerability CVE-2019-2725 / CNVD-C-2019-48814? If so, is there a timeline for release of any hotfixes to address this issue?
Oracle is a 3rd party platform to PAM.
We reviewed the Oracle advisory. It is associated with Oracle Weblogic servers and patching according to Oracle would be prudent to mitigate the Oracle reported vulnerability,
There is no action needed for the PAM product with regard to the Weblogic vulnerability.