Is PIM/PAMSC affected by OpenSSL Security Advisory [7th February 2023]
search cancel

Is PIM/PAMSC affected by OpenSSL Security Advisory [7th February 2023]

book

Article ID: 259751

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

OpenSSL Project announced the following Security Advisory on Feb 7.

Does it affect PIM or PAMSC?

CVE-2023-0286, CVE-2022-4304, CVE-2023-0215 : for OpenSSL 3.0, 1.1.1, 1.0.2
CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401 : for OpenSSL 3.0.0 - 3.0.7
CVE-2022-4450 : for OpenSSL 3.0, 1.1.1

Environment

Release : All

Cause

CA Privileged Identity Manager 12.9.x or before is using OpenSSL 1.0.1x.

So, it does not affect this vulnerability.

CA Privileged Identity Manager 14.0 and Privileged Access Manager Server Control 14.0/14.1 is using OpenSSL 1.0.2x.

But, OpenSSL is using a part of our function.  Then it does not use the implementation at this vulnerability. 

Resolution

All versions which are included Server Component and Endpoint, are not affected by this vulnerability.