We're running a CA Access Gateway (SPS) 12.8SP2 and we've found the
following vulnerabilities:
- Apache 2.4.37 < 2.4.46 (Multiple Vulnerabilities - HIGH)
- OpenSSL 1.0.2k < 1.0.2u (Procedure Overflow Vulnerability - Medium)
How can we get these vulnerabilities patched?
CA Access Gateway (SPS) version 12.8SP5 includes the patched Apache
version 2.4.46 and OpenSSL 1.0.2u:
Defects Fixed in 12.8.05
32241741 DE480193 Apache HTTP Server is upgraded to Apache HTTP
32380551 DE485132 OpenSSL is upgraded to OpenSSL 1.0.2x.
Policy Server and CA Access Gateway (SPS) 12.8SP5 can be found here:
CA Single Sign-On (formerly CA SiteMinder) Hotfix/Cumulative Release Index
- SSO Policy Server r12.8 SP05
- SSO Access Gateway r12.8 SP05
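
After the upgrade, the bundled versions can be checked against the fixed-version floors from the scanner findings (Apache 2.4.46, OpenSSL 1.0.2u). The script below is an added example, not part of the original article or of any CA tooling. Its function names are hypothetical, the sample banners are constructed, and it assumes you feed it the output of the gateway's own `httpd -v` and `openssl version`.

```shell
#!/bin/sh
# Added example: compare version banners with the fixed-version floors
# named in the findings above (Apache 2.4.46, OpenSSL 1.0.2u).
APACHE_FLOOR=2.4.46
OPENSSL_FLOOR=1.0.2u

# "Server version: Apache/2.4.46 (Unix)" -> 2.4.46
apache_version() { printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p'; }
# "OpenSSL 1.0.2k-fips  26 Jan 2017" -> 1.0.2k
openssl_version() { printf '%s\n' "$1" | sed -n 's|^OpenSSL \([0-9][0-9.]*[a-z]*\).*|\1|p'; }

# Return 0 if dotted numeric version $1 >= $2 (fields compared as integers,
# so 2.10.0 is newer than 2.4.46).
dotted_ge() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 0
}

# Return 0 if pre-3.0 OpenSSL version $1 >= $2. Letter suffixes run a..z,
# then za, zb, ..., so a longer suffix is newer than a shorter one.
openssl_ge() {
  n1=${1%%[a-z]*}; n2=${2%%[a-z]*}
  s1=${1#"$n1"}; s2=${2#"$n2"}
  if [ "$n1" != "$n2" ]; then dotted_ge "$n1" "$n2"; return; fi
  if [ ${#s1} -ne ${#s2} ]; then [ ${#s1} -gt ${#s2} ]; return; fi
  ! LC_ALL=C expr "x$s1" \< "x$s2" >/dev/null
}

# Print PASS/FAIL per component; return non-zero if either is below its floor
# or its banner could not be parsed.
check_banners() {
  av=$(apache_version "$1"); ov=$(openssl_version "$2"); rc=0
  if [ -n "$av" ] && dotted_ge "$av" "$APACHE_FLOOR"; then echo "PASS Apache $av"
  else echo "FAIL Apache ${av:-unparsed} (floor $APACHE_FLOOR)"; rc=1; fi
  if [ -n "$ov" ] && openssl_ge "$ov" "$OPENSSL_FLOOR"; then echo "PASS OpenSSL $ov"
  else echo "FAIL OpenSSL ${ov:-unparsed} (floor $OPENSSL_FLOOR)"; rc=1; fi
  return $rc
}

# Constructed sample banners standing in for the upgraded gateway's output.
check_banners "Server version: Apache/2.4.46 (Unix)" "OpenSSL 1.0.2x"
```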