We're running CA Access Gateway (SPS) 12.8SP2 and we've found the
following vulnerabilities:
- Apache 2.4.37 < 2.4.46 (Multiple Vulnerabilities - HIGH)
- OpenSSL 1.0.2k < 1.0.2u (Procedure Overflow Vulnerability - Medium)
How can we get these vulnerabilities patched?
SPS 12.8SP2
CA Access Gateway (SPS) version 12.8SP5 includes the patched Apache
version 2.4.46 and OpenSSL 1.0.2u:
Defects Fixed in 12.8.05
- 32241741 DE480193 Apache HTTP Server is upgraded to Apache HTTP Server 2.4.46.
- 32380551 DE485132 OpenSSL is upgraded to OpenSSL 1.0.2x.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/Defects-Fixed-in-12_8_05.html
Policy Server and CA Access Gateway (SPS) 12.8SP5 can be found here:
CA Single Sign-On (formerly CA SiteMinder) Hotfix/Cumulative Release Index
https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-single-sign-on-hotfix-cumulative-release-index.html
SSO Policy Server r12.8 SP05
https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS16178&os=ANY
SSO Access Gateway r12.8 SP05
https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS16179&os=ANY