Multiple CVEs not impacting CA PAM

Article ID: 374834

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The customer wants to know whether the following CVEs impact the CA PAM application.

CVE-2023-51384
CVE-2018-15919
CVE-2018-20685
CVE-2019-6109
CVE-2019-6110
CVE-2019-6111
CVE-2020-14145
CVE-2020-15778
CVE-2023-38408
CVE-2021-36368
CVE-2023-51385
CVE-2023-51767
CVE-2018-15919

Environment

All CA PAM 4.1.x versions

Cause

RFI

Resolution

CVE-2018-15919: Username enumeration. OpenSSH does not consider this a vulnerability, so no fix is needed. Also, we don't support Kerberos authentication. Status: Not vulnerable.
CVE-2023-51767: We don't support password authentication. Status: Not vulnerable.
CVE-2021-36368: Disputed. OpenSSH does not consider this a vulnerability. Status: Not vulnerable.
CVE-2023-38408: Related to the ssh-agent.c code; we don't use this module. Status: Not vulnerable.
CVE-2020-15778: Disputed. OpenSSH does not consider this a vulnerability. Status: Not vulnerable.
CVE-2020-14145: OpenSSH client issue; we don't use the client. Status: Not vulnerable.
CVE-2019-6111: We don't provide the scp command to end users. Status: Not vulnerable.
CVE-2019-6110: We don't provide the scp command to end users. Status: Not vulnerable.
CVE-2019-6109: We don't provide the scp command to end users. Status: Not vulnerable.
CVE-2018-20685: We don't provide the scp command to end users. Status: Not vulnerable.
CVE-2018-15919: Username enumeration; we are not affected. Status: Not vulnerable.
CVE-2023-51384: ssh-agent module; not in use. Status: Not vulnerable.
CVE-2023-51385: Mainly affects git users; not affected. Status: Not vulnerable.