Recently found vulnerability with RSA Authentication Agent SDK for C Error Handling Vulnerability and RSA Authentication Agent for Web for Apache Web Server Authentication Bypass Vulnerability

We're running Policy Server 12.7 and we'd like to know if Policy

Server is impacted by the RSA Authentication Bypass Vulnerability ?

CVE Identifier:  

  CVE-2017-14377

  CVE-2017-14378

These vulnerability affects :

RSA Authentication Agent API 8.5 for C

RSA Authentication Agent SDK 8.6 for C

As per Support Matrix, Policy Server supports only 8.0 and 8.1 RSA

Authentication Manager and runs RSA Authentication Agent API and SDK

for C the same version. So the Policy Server isn't affected by these

Vulnerabilities.

PRODUCT SUPPORT MATRIX CA Single Sign - On 12.7

Third - Party Product Compatibility

https://support.ca.com/phpdocs/7/5262/5262-12-7-platform-support-matrix.pdf

  RSA Authentication Manager 8.1 8.0

  At the time of policy server development on Red Hat 7, 64 bit, RSA did not offer SDK support for this platform, so RSA 

  Authentication Manager is not yet supported on the Policy Server running on Red Hat 7

http://seclists.org/fulldisclosure/2017/Nov/48

http://seclists.org/fulldisclosure/2017/Nov/46