Is PAMSC/PIM affected by CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts

Article ID: 260985

Products

CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Are Privileged Identity Manager (a.k.a. PIM) and Privileged Access Manager Server Control (a.k.a. PAMSC) affected by CVE-2023-24998?

This vulnerability affects Apache Commons FileUpload versions 1.0-beta-1 to 1.4.
Do PIM and PAMSC use this sub-module?

Vulnerability information is here:

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24998
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998 

[SECURITY] CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy

Environment

Release: All

Resolution

PIM/PAMSC (Server Refresh version) is not affected by this vulnerability.