Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
search cancel

Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities


Article ID: 32094


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


A Vulnerability Scan has detected and reported a vulnerability similar to this:

38429 CA (Computer Associates) Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities. 
This is also associated to 

The Remote Buffer Overflow vulnerability is a known problem that occurs in CAM, which is used with the Provisioning Server. A fix is included in CAM 1.14 build 1, however the scan may still report the vulnerability even when CAM 1.14 build 1 is installed. In most cases the reported vulnerability should be considered a false alarm (see Resolution below).




Release: 12.5, 12.6, 14.0, 14.1, 14.2 and 14.3 versions of Identity Manager.



The vulnerability is fixed in CAM 1.14 build 1. 

1. Verify the CAM version by running camstat at the command prompt on the Provisioning Server.

The output of camstat will look something like this.

CAM - Version 1.14 (Build 1) 

2. If your current CAM version is 1.14 (Build 1) there is no further action required and the vulnerability reported by the scan should be ignored as a false alarm.

If your CAM version is lower than 1.14 Build 1 you may need to upgrade, though all current versions of Identity Manager should have 1.1.4 build 1. Please contact Support for assistance if camstat does not show CAM - Version 1.14 (Build 1).

3. CA Identity Manager 14.4 also shows Version 14.1 (Build 1) But Qualys Tool does not show as vulnerable