OpenSSL Vulnerabilities in Provisioning Server - Upgrade to OpenSSL version 1.0.2zk or later. CVE-2023-5678, CVE-2024-0727, CVE-2024-5535.
search cancel

OpenSSL Vulnerabilities in Provisioning Server - Upgrade to OpenSSL version 1.0.2zk or later. CVE-2023-5678, CVE-2024-0727, CVE-2024-5535.

book

Article ID: 379180

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

A vulnerability scan indicates the following:

Upgrade to OpenSSL version 1.0.2zk or later.

CVE-2023-5678

CVE-2024-0727

CVE-2024-5535

1.0.2zg    Fixed version    : 1.0.2zk      /opt/CA/IdentityManager/ProvisioningServer/bin/openssl

 

Environment

IM 14.4.x

IM 14.5.x

Resolution

Manually remove/delete openssl.exe from this location:

/opt/CA/IdentityManager/ProvisioningServer/bin/ 

Additional Information

OpenSSL.exe is not used by the IMPS (Identity Manager Provisioning Server) application except for the sake of some utilities, and it will be updated in a future release.

Powered by Wolken Software