Identity Management and Governance vulnerabilities: CVE-2022-25626, CVE-2022-25627, CVE-2022-25628

Article ID: 256316

Updated On:

Products

CA Identity Governance, CA Identity Manager, CA Identity Portal, CA Identity Suite

Issue/Introduction

Are fixes available for the components of Identity Management and Governance regarding these vulnerabilities?

CVE-2022-25626: Authentication Bypass

CVE-2022-25627: Remote Command Execution (RCE)

CVE-2022-25628: XML eXternal Entity injection (XXE)

Resolution

Hotfixes are available for the following vulnerabilities. See the Release notes below.

  CVE-2022-25626, CVE-2022-25627, CVE-2022-25628

IGA 14.4:
 Non-vApp: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/Release-Notes/Hotfixes.html

 vApp: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/release-notes/Virtual-Appliance-Release-Notes/Hotfixes.html

 

IGA 14.3:
 Non-vApp: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-3/Release-Notes/Hotfixes.html

 vApp: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-3/release-notes/Virtual-Appliance-Release-Notes/Hotfixes.html

Acknowledgements
● CVE-2022-25626: Hugo Boutinon & Undr of AXA Group Security
● CVE-2022-25627: Hugo Boutinon & Undr of AXA Group Security
● CVE-2022-25628: Hugo Boutinon & Undr of AXA Group Security