CA Identity Manager Vulnerability CVE-2022-29701

Article ID: 279568

Products

CA Identity Manager

Issue/Introduction

During a penetration test, the following vulnerability is reported:

Email flooding - CVE-2022-29701

Environment

14.5

Cause

A bug in the OTP validation screen. When the OTP attempt limit is set to a specific value and a proxy device is used to intercept the request and trigger the OTP more than the specified limit, the OTP is triggered more than the specified number of times.

Resolution

A fix, DE592031_HF, is now available for IDM version 14.5.

This fix will be included in the upcoming release 14.5.1, which will be out in a couple of months.

Additional Information

Reference Defect: DE592031
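
To illustrate the Cause section above, here is an added example (not CA Identity Manager code and not the contents of DE592031_HF) of an OTP send limit enforced on the server, so that replaying the trigger request through a proxy cannot push the number of e-mails past the configured value. The class and function names, the limit of 3, the 600-second window and the sample account are assumptions made for the illustration.

```python
import threading
import time
from collections import defaultdict, deque


class OtpSendLimiter:
    """Server-side cap on OTP e-mails per account within a time window."""

    def __init__(self, max_sends=3, window_seconds=600, clock=time.monotonic):
        self.max_sends = max_sends            # assumed limit, not a product default
        self.window_seconds = window_seconds  # assumed window
        self._clock = clock
        self._sent = defaultdict(deque)       # account -> timestamps of sends
        self._lock = threading.Lock()

    def try_send(self, account, send_fn):
        """Reserve a slot and send; return False once the limit is reached.

        `account` must come from server-side session state, never from a
        field of the request that a proxy can rewrite.
        """
        now = self._clock()
        with self._lock:                      # check and record atomically
            stamps = self._sent[account]
            while stamps and now - stamps[0] >= self.window_seconds:
                stamps.popleft()              # forget sends outside the window
            if len(stamps) >= self.max_sends:
                return False                  # refuse regardless of client state
            stamps.append(now)
        send_fn(account)                      # mail goes out only with a slot held
        return True


def replay_trigger(limiter, account, copies):
    """Replay the same OTP trigger request `copies` times in parallel."""
    outbox, results = [], []

    def one_request():
        results.append(limiter.try_send(account, outbox.append))

    threads = [threading.Thread(target=one_request) for _ in range(copies)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(outbox), results.count(True)


if __name__ == "__main__":
    # Constructed input: 50 replayed requests for one account, limit of 3.
    print(replay_trigger(OtpSendLimiter(max_sends=3), "user@example.test", 50))
```

The count is checked and recorded under one lock, so parallel replays cannot each observe a value below the limit before any of them records its send.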

Attachments

DE592031_HF.zip