Information regarding CA Identity Manager and vulnerability CVE-2017-5638
Article ID: 15988

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Is CA Identity Manager impacted by vulnerability CVE-2017-5638?

Environment

Release: Identity Manager 14.x

Resolution


Identity Manager 12.0, 12.5, 12.6, 14.0 and 14.1 use an older Apache Struts version, 1.2.9, which is not vulnerable to the CVE-2017-5638 exploit.


Identity Manager 14.2 has upgraded the Struts version to Apache Struts 2.5.14.1, which is also not vulnerable to the CVE-2017-5638 exploit.

You can find details on this in the documentation here:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-2/release-notes/Release-Features-and-Enhancements/identity-manager-14_2-ga.html


    Upgraded to Apache Struts 2.5.14.1 to overcome security vulnerabilities.

    CA Identity Manager release 14.2 uses Apache Struts 2.5.14.1 for Management Console. With Apache Struts 2.5.14.1 support, the given changes are applicable:

        Management Console Access URL: The URL to access Management Console programmatically has changed. The syntax of the new URL is as follows:
        http://<HOST_NAME>:<PORT>/iam/immanage/env!listEnvs
        http://<HOST_NAME>:<PORT>/iam/immanage/env!editEnv?envoid=1
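To confirm which Struts version a given installation actually ships, the following added example (not Broadcom tooling and not part of the original article) walks a deployment directory, reads the version of each Struts jar from its file name or manifest, and compares it with the affected ranges published in Apache advisory S2-045. The directory to scan and the jar naming patterns are assumptions; pass the application server's deployment path as the argument.

```python
import os
import re
import sys
import zipfile

# CVE-2017-5638 (Apache S2-045) affects Struts 2.3.5-2.3.31 and 2.5-2.5.10.
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Assumed jar naming: struts.jar, struts-1.2.9.jar, struts2-core-2.5.14.1.jar
JAR_RE = re.compile(r"^(struts2?(?:-core)?)(?:-(\d+(?:\.\d+)*))?\.jar$", re.I)

def parse_version(text):
    """Turn '2.5.14.1' into (2, 5, 14, 1); return None if not purely numeric."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_affected(version):
    """True when the version tuple falls inside a CVE-2017-5638 range."""
    return any(low <= version <= high for low, high in AFFECTED)

def manifest_version(jar_path):
    """Read Implementation-Version from the jar manifest, if there is one."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, OSError, zipfile.BadZipFile):
        return None
    match = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return parse_version(match.group(1)) if match else None

def scan(root):
    """Return [(path, version_tuple_or_None, status)] for Struts jars under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            match = JAR_RE.match(name)
            if not match:
                continue
            path = os.path.join(folder, name)
            version = parse_version(match.group(2)) or manifest_version(path)
            status = "unknown"  # no version found: inspect the jar by hand
            if version is not None:
                status = "affected" if is_affected(version) else "not affected"
            findings.append((path, version, status))
    return findings

if __name__ == "__main__":
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, ".".join(map(str, version)) if version else "?", path)
```

A jar reported as `unknown` carries no version in its name or manifest and needs manual inspection before the installation is treated as unaffected.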