Is PIM/PAMSC affected by OpenSSL Security Advisory [22nd March 2023]

Article ID: 263001

Products

CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The OpenSSL team announced the following Security Advisory on 22 Mar 2023. Is PAMSC affected by CVE-2023-0464?

Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)

Environment

Privileged Access Manager Server Control 14.x

Resolution

PAMSC uses OpenSSL (1.0.2f on Windows; on Linux, the OS-provided OpenSSL version) only to create the ActiveMQ certificate.
This vulnerability is most likely to affect applications that have implemented their own functionality for retrieving CRLs over a network.
To our knowledge, we do not use any custom implementation for CRL retrieval in our applications or services.