CA IM (IGA) CVE-2020-1938 (Ghostcat) vulnerability
Article ID: 188425
Updated On:
Products
CA Identity Manager
CA Identity Suite
Issue/Introduction
CA Broadcom Identity Manager (also known as Symantec IGA) employs Apache Tomcat in the Virtual Appliance and makes use of the Apache JServ Protocol (AJP). This is subject to the CVE-2020-1938 (Ghostcat) vulnerability. This vulnerability is rated at 9.8 Critical Severity. Please give this high attention.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
Environment
Release : 14.x
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Resolution
This has been mitigated in 14.4 and later. All supported releases should be free of this potential vulnerability.
Additional Information
In addition, the CA Identity Manager report server solution, which is based on TIBCO JasperSoft also utilizes Apache Tomact. For more information on how to mitigate this CVE, please follow the instructions on this link:
https://community.jaspersoft.com/wiki/fixing-tomcat-cve-2020-1938-tibco-jasperreporrts-server
Feedback
Yes
No
Powered by
