Is CA PAM Affected by Weblogic Vulnerability CVE-2019-2725 / CNVD-C-2019-48814

book

Article ID: 131614

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



Is CA PAM 3.2.3 affected by recently-discovered zero-day Oracle Weblogic Vulnerability CVE-2019-2725 / CNVD-C-2019-48814? If so, is there a timeline for release of any hotfixes to address this issue?

Environment

PAM 3.2.3

Resolution

Oracle is a 3rd party platform to PAM. 

We reviewed the Oracle advisory. It is associated with Oracle Weblogic servers and patching according to Oracle would be prudent to mitigate the Oracle reported vulnerability, 

There is no action needed for the PAM product with regard to the Weblogic vulnerability.