CA PAMSC: impact of CVE-2022-23302/CVE-2022-23305/CVE-2022-23307


Article ID: 236320


Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Is PIM/PAMSC affected by these Log4j 1.x vulnerabilities?
 
CVE-2022-23302: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
 
CVE-2022-23305: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
 
CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
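
Each of the three CVEs above names a specific Log4j 1.x component (JMSSink, JDBCAppender, Chainsaw), so an inventory check can look for exactly those classes in a jar and for JDBCAppender in a log4j.properties file. This is an added example, not code or a procedure from this article or from the vendor; the function names and sample data are hypothetical, and the jar and configuration contents are constructed.

```python
import io
import zipfile

# Paths inside a Log4j 1.x jar for the component each CVE names.
COMPONENTS = {
    "CVE-2022-23302": "org/apache/log4j/net/JMSSink",
    "CVE-2022-23305": "org/apache/log4j/jdbc/JDBCAppender",
    "CVE-2022-23307": "org/apache/log4j/chainsaw/",
}


def components_in_jar(jar):
    """Return {cve: [class entries]} for a jar path or file object.
    A hit means the component is packaged, not that it is configured or run."""
    with zipfile.ZipFile(jar) as zf:
        names = [n for n in zf.namelist() if n.endswith(".class")]
    hits = {}
    for cve, prefix in COMPONENTS.items():
        matched = sorted(n for n in names if n.startswith(prefix))
        if matched:
            hits[cve] = matched
    return hits


def jdbc_appenders_in_config(properties_text):
    """Return names of appenders that a log4j.properties text binds to JDBCAppender."""
    found = []
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # skip comments and non-assignments
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("log4j.appender.") and value == "org.apache.log4j.jdbc.JDBCAppender":
            found.append(key[len("log4j.appender."):])
    return found


def make_sample_jar(entries):
    """Build a constructed in-memory jar with empty entries (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = make_sample_jar(["org/apache/log4j/net/JMSSink.class"])
    print(components_in_jar(sample))
```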

Environment

Release: 14.1
Component: PAM SERVER CONTROL

Resolution

PIM/PAMSC is not affected by these vulnerabilities.