CA Technologies support is notifying customers about a high-risk remote code execution vulnerability affecting certain releases of CA PAM. The vulnerability occurs in the bundled JBoss Seam component and is known as CVE-2010-1871.
CA Technologies recommends that customers disable the JBoss Seam component to resolve the vulnerability. Instructions are provided below.
Note: These instructions will also disable the JBoss Admin Console. If the Admin Console is needed, these instructions can be reversed.
If the Admin Console is temporarily needed, stop the PAM service, revert the changes in step e) above and then start the PAM service. Repeat step e) when the Admin Console is no longer needed.