search cancel

SiteMinder SharePoint Agent vulnerabilities

book

Article ID: 229443

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

The following vulnerabilities are reported for SiteMinder agent for SharePoint 12.52 SP1 CR11:

CVE-2020-13938
CVE-2020-13950
CVE-2019-17567
CVE-2021-30641
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-42013

Cause

Reported vulnerabilities were fixed in Apache httpd 2.4.47, except CVE-2021-42013, which was fixed in Apache httpd 2.4.51.

However embedded version in SharePoint Agent is 2.4.46

Resolution

Upgrade SharePoint Agent to Apache 2.4.51

Steps to install the patch:

1. Navigate to the agent installation folder, for example C:\CA\Agent-for-SharePoint\
2. Take the backup of the original folder httpd to httpd_orig
3. Unzip the attachment file and copy the httpd folder to C:\program files\CA\Agent-for-SharePoint\
4. Copy config files from original  httpd_orig  to  httpd:
cp -r httpd_orig/conf  httpd/
5. Start the agent

Please contact Broadcom Support to get Apache patch.