CA PAM and CVE-2024-6531

Article ID: 385267


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Is CA PAM impacted by CVE-2024-6531?

CA PAM makes use of many JavaScript libraries; some of these are outdated and need to be updated.

In a recent vulnerability scan the findings are: "The application uses a number of outdated JavaScript libraries to provide required functionality. The versions of these libraries in use are affected by known security issues, which could leave the application at risk of attack through vectors such as cross-site scripting (XSS). The affected JavaScript libraries are as follows:

bootstrap version 4.6.0.min https://getbootstrap.com/docs/4.6/getting-started/introduction/
RP: The outdated JavaScript libraries should be updated to the latest stable versions, which at the time of writing this report are Bootstrap 5.3.3.
For further information on the issues affecting the listed versions of these libraries, please refer to the following resources: https://nvd.nist.gov/vuln/detail/CVE-2024-6531 "

Environment

CA PAM version: All versions supported till version 4.2

Cause

The scan is very generic in nature and does not share the version of the JavaScript libraries, so a further investigation into the code was performed to determine the version of Bootstrap being used in CA PAM.

Resolution

As per the notes on the vulnerability at https://www.herodevs.com/vulnerability-directory/cve-2024-6531, the impacted versions of Bootstrap are ">=4.0.0 <=4.6.2", whereas CA PAM uses version 3.3.5. Hence CA PAM is not impacted by the vulnerability described in CVE-2024-6531. The version is taken from the banner in the shipped Bootstrap code:

/* ========================================================================
 * Bootstrap: transition.js v3.3.5
 * http://getbootstrap.com/javascript/#transitions
 * ========================================================================
 * Copyright 2011-2015 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 * ======================================================================== */
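
The same check can be scripted when a scanner flags a library without reliable version evidence. The following is an added example, not Broadcom's or CA PAM's own code: it reads the Bootstrap banner from JavaScript files and compares the version with the affected range quoted above. The function names, the sample banners and the directory argument are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Affected range as quoted on this page for CVE-2024-6531: >=4.0.0 <=4.6.2
AFFECTED_MIN, AFFECTED_MAX = (4, 0, 0), (4, 6, 2)

# Two banner styles: "Bootstrap: transition.js v3.3.5" (per-plugin, as quoted
# above) and "Bootstrap v4.6.0 (https://...)" (bundled dist file).
BANNER_RE = re.compile(r"Bootstrap(?::\s*[\w.-]+\.js)?\s+v(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners, not copied from a CA PAM installation.
SAMPLES = {
    "plugin-style.js": "/* ===\n * Bootstrap: transition.js v3.3.5\n */",
    "bundle-style.min.js": "/*!\n  * Bootstrap v4.6.0 (https://getbootstrap.com/)\n  */",
}

def bootstrap_versions(text):
    """Return the set of (major, minor, patch) versions named in banners."""
    return {tuple(int(p) for p in m.groups()) for m in BANNER_RE.finditer(text)}

def is_affected(version):
    """True when the version lies inside the affected range quoted on the page."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def scan_tree(root):
    """Map each .js file under root that carries a banner to its versions."""
    findings = {}
    for path in Path(root).rglob("*.js"):
        # Banners sit at the top of the file, so the first 4096 characters suffice.
        head = path.read_text(encoding="utf-8", errors="replace")[:4096]
        if bootstrap_versions(head):
            findings[str(path)] = bootstrap_versions(head)
    return findings

def report(findings):
    """Return one verdict line per (file, version) pair."""
    lines = []
    for name, versions in sorted(findings.items()):
        for v in sorted(versions):
            verdict = "AFFECTED" if is_affected(v) else "outside affected range"
            lines.append(f"{name}: Bootstrap {'.'.join(map(str, v))}: {verdict}")
    return lines

if __name__ == "__main__":
    given = len(sys.argv) > 1  # optional argument: directory of web assets to scan
    found = scan_tree(sys.argv[1]) if given else {n: bootstrap_versions(t) for n, t in SAMPLES.items()}
    print("\n".join(report(found)))
```

A file whose banner was stripped during minification or bundling yields no finding, so an empty result is not proof that Bootstrap is absent.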

Additional Information