Is CA PAM 4.X and below vulnerable to CVE-2021-28041?

Article ID: 243006

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

CVE-2021-28041 describes a double-free memory corruption in OpenSSH that may lead to arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2021-28041

Since CA PAM uses OpenSSH, is the product vulnerable to this exploit?

 

Environment

CA PAM releases 4.0.1, 4.1.0 and below

Resolution

The vulnerability was introduced in OpenSSH 8.2, which does not ship with any of the CA PAM releases available as of the writing of this document, so CA PAM is not vulnerable.
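
The reasoning above reduces to a version comparison against OpenSSH 8.2. The following is an added example, not part of the original article or of CA PAM's own tooling: it classifies `ssh -V` output or an SSH identification banner against that threshold. The function names, the optional `fixed_in` parameter and the sample strings are assumptions constructed for illustration.

```python
import re

# Lower bound taken from the article: the flaw was introduced in OpenSSH 8.2.
INTRODUCED_IN = (8, 2)

# Matches "OpenSSH_7.4p1", "OpenSSH_8.2", "OpenSSH_for_Windows_8.1p1" in either
# `ssh -V` output or an SSH identification string ("SSH-2.0-OpenSSH_8.2p1 ...").
_VERSION_RE = re.compile(r"OpenSSH_(?:for_Windows_)?(\d+)\.(\d+)")


def parse_openssh_version(text):
    """Return (major, minor) from a version string or banner, or None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text, fixed_in=None):
    """Classify one version string against the article's reasoning.

    fixed_in is an optional (major, minor) upper bound supplied by the caller
    from the vendor advisory; it is not stated in the article.
    """
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"          # not OpenSSH, or banner hidden/altered
    if version < INTRODUCED_IN:   # tuple compare, so (8, 10) sorts after (8, 2)
        return "predates-flaw"    # older than 8.2: flaw not yet introduced
    if fixed_in is not None and version >= fixed_in:
        return "fixed"
    return "review"               # 8.2 or later: check patch level / backports


# Constructed sample inputs (not taken from any real appliance).
SAMPLES = [
    "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017",
    "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1",
    "SSH-2.0-OpenSSH_8.10",
    "SSH-2.0-dropbear_2020.81",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):14} {s}")
```

A "review" result is not a finding by itself: distributions backport fixes without changing the upstream version number, so confirm against the package changelog or vendor advisory.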