search cancel

EEM 12.51.3 Vulnerabilities - CA Spectrum

book

Article ID: 215603

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

A security scan on the CA Embedded Entitlements Manager (EEM) installation server reported the following vulnerabilities on port 509:

Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

SSL Server Supports Weak Encryption Vulnerability

SSL Server May Be Forced to Use Weak Encryption Vulnerability

SSL/TLS use of weak RC4(Arcfour) cipher

SSL/TLS Server supports TLSv1.0

EEM 12.51.3 is integrated with Spectrum 10.4.0

Environment

Release : 10.4

Component : CA Embedded Entitlements Manager 12.51.3

Resolution

Although from EEM 12.51.5.24 onwards TLS1.2 is supported, the EEM engineer recommends to upgrade to the latest version(12.6.2.0)  as there are many fixes which are available in the latest version and most of reported vulnerabilities would be resolved with the latest EEM server version.