Upgrade to r12.8.6a for fixes to 3rd party Vulnerabilities

Article ID: 239645

Updated On:

Products

SITEMINDER

Issue/Introduction

Upgrade to r12.8.6a to implement remediations for known 3rd party vulnerabilities.

Environment

Release : 12.8.03

Component : SITEMINDER - POLICY SERVER; Access Gateway; AdminUI

Resolution

Siteminder r12.8.6a upgrades the following 3rd party components:

===========================
Policy Server, SDK, and AdminUI:

Apache log4j 2.17.1
-> CVEs resolved: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105

Mozilla Network Security Services (NSS) 3.73
-> CVEs resolved: CVE-2021-43527

---------------------------
Access Gateway Server:

Apache log4j 2.17.1
-> CVEs resolved: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105

Apache HTTP Server 2.4.52
-> CVEs resolved: CVE-2021-44224, CVE-2021-44790

Apache Tomcat 9.0.58
-> CVEs resolved: CVE-2020-9484, CVE-2022-23181

Apache Xerces-J 2.12.2
-> CVEs resolved: CVE-2012-0881, CVE-2013-4002, CVE-2022-23437

Mozilla Network Security Services (NSS) 3.73
-> CVEs resolved: CVE-2021-43527
===========================

Additional Information

Since Siteminder Access Gateway r12.8.6a was released, some additional vulnerabilities and their remediations have been published for OpenSSL 1.0.2. The most current version of OpenSSL is 1.0.2zd.

https://knowledge.broadcom.com/external/article/238097/openssl-102zc-vulnerability-on-siteminde.html

Since Siteminder Access Gateway r12.8.6a was released, some additional vulnerabilities and their remediations have been published for Apache HTTP Server. The most current version of Apache is 2.4.53.

https://knowledge.broadcom.com/external/article/237408/vulnerabilities-with-apache-2452-and-old.html