Upgrade to r12.8.6a to implement remediations for known 3rd party vulnerabilities
Release : 12.8.03
Component : SITEMINDER - POLICY SERVER; Access Gateway; AdminUI
Siteminder r12.8.6a upgrades the following 3rd party components:
===========================
Policy Server, SDK, and AdminUI:
Apache log4j 2.17.1
-> CVEs resolved: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
Mozilla Network Security Services (NSS) 3.73
-> CVEs resolved: CVE-2021-43527
---------------------------
Access Gateway Server:
Apache log4j 2.17.1
-> CVEs resolved: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
Apache HTTP Server 2.4.52
-> CVEs resolved: CVE-2021-44224, CVE-2021-44790
Apache Tomcat 9.0.58
-> CVEs resolved: CVE-2020-9484, CVE-2022-23181
Apache Xerces-J 2.12.2
-> CVEs resolved: CVE-2012-0881, CVE-2013-4002, CVE-2022-23437
Mozilla Network Security Services (NSS) 3.73
-> CVEs resolved: CVE-2021-43527
===========================
Since Siteminder Access Gateway r12.8.6a was released, some additional vulnerabilities and their remediations have been published for OpenSSL 1.0.2. The most current version of OpenSSL is 1.0.2zd.
https://knowledge.broadcom.com/external/article/238097/openssl-102zc-vulnerability-on-siteminde.html
Since Siteminder Access Gateway r12.8.6a was released, some additional vulnerabilities and their remediations have been published for Apache HTTP Server. The most current version of Apache is 2.4.53.
https://knowledge.broadcom.com/external/article/237408/vulnerabilities-with-apache-2452-and-old.html