CA PAMSC: impact of CVE-2022-23302/CVE-2022-23305/CVE-2022-23307
Article ID: 236320
Updated On:
Products
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
Is PIM/PAMSC affected by these log4j 1.x vulnerabilities?
CVE-2022-23302: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
CVE-2022-23305: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
Environment
Release : 14.1
Component : PAM SERVER CONTROL
Resolution
PIM/PAMSC is not affected by these vulnerabilities.
Feedback
Yes
No
Powered by
