
Vulnerability detected with Aymantec PAM A2A client version 4.12.3


Article ID: 257590


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Vulnerability detected with A2A client version 4.12.3. Please see attached for NexuIQ scan results for more details, but it is due to commons-net.jar.

Please look into this asap, we need to proceed as the vulnerability is holding up projects/new builds.

 

Environment

Release : 4.x

Cause

Client's vulnerability scanner flagged this jar file.

Resolution

After a review of the A2A code base, development determined that commons-net.jar is not required for any base A2A functionality, and this jar file will be removed from future releases of the A2A agent (starting with PAM 4.1.2). No patch is required for any previous release, since the jar file can simply be deleted without restarting any services.

Linux/Unix

      # find <Your A2A install folder> -name 'commons-net*.jar'
      /opt/catech/cspmclient_v.4.12.3/lib/commons-net-3.3.jar

      # rm /opt/catech/cspmclient_v.4.12.3/lib/commons-net-3.3.jar
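
The Linux/Unix step above can be made repeatable across many hosts with a dry-run-first wrapper. This is an added example, not vendor code: the function names and the `--apply` convention are assumptions, and the install folder is passed in by the caller.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the dry-run/--apply
# convention are assumptions made for this illustration.

# Print the SHA-256 of a file so the removed artifact can be matched to the
# scanner finding in the change record.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "sha256-unavailable"
    fi
}

# Usage: remove_commons_net <A2A install folder> [--apply]
# Prints "<sha256>  <path>" for every commons-net*.jar found.
# Deletes only when --apply is given; no service restart is involved.
# Returns 0 when no matching jar is left, 1 when matches remain
# (dry run or failed delete), 2 when the folder does not exist.
remove_commons_net() {
    dir=$1
    mode=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    list=$(mktemp) || return 2
    # The pattern is quoted so the shell passes it to find unexpanded.
    find "$dir" -type f -name 'commons-net*.jar' > "$list"
    remaining=0
    while IFS= read -r jar; do
        printf '%s  %s\n' "$(hash_of "$jar")" "$jar"
        if [ "$mode" = "--apply" ] && rm -- "$jar"; then
            continue
        fi
        remaining=$((remaining + 1))
    done < "$list"
    rm -f "$list"
    [ "$remaining" -eq 0 ]
}
```

Run it once without `--apply` to review what would be removed, then again with `--apply`; a zero exit status on a later run confirms the host is clean.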

Windows

    Delete the jar file using Windows manager (default location: C:\cspm\cloakware\cspmclient\lib).

         
