Symantec Directory : Impact of NPM Ecosystem Supply Chain Compromise on Symantec Security Products

search cancel

Symantec Directory : Impact of NPM Ecosystem Supply Chain Compromise on Symantec Security Products

book

Article ID: 413408

calendar_today

Updated On:

Products

CA Directory

Issue/Introduction

You might be wondering if the vulnerability described on the link below will (or will not) impact Symantec Directory.

America's Cyber Defense Agency

Resolution

The short answer is no. At least up to 14.1.6 (aka SP6) release, which is the latest GA version.

There are two separate packages.
1) Symantec Directory (aka DXserver itself)
2) Symantec Directory Manager (aka mgmt. UI)

The NPM ecosystem is used only in Symantec Directory Manager while not in Symantec Directory.

If you are using Symantec Directory only, there is no impact with the vulnerability as there is no NPM used in it.

If the customer is using Directory Manager, NPM comes into play.

We have checked all the components listed in:

Socket Dev Blog

present in the given link:

America's Cyber Defense Agency

and confirmed, we are not using/shipping any of those vulnerable components. So even if you are using Symantec Directory Manager (mgmt. UI component), there is no impact with the vulnerability.

Additional Information

Regarding to IGA products, Identity Manager, Identity Governance and Identity Portal, see the article below

Does the "Widespread Supply Chain Compromise Impacting npm Ecosystem" affect the IGA products?

Feedback

thumb_up Yes

thumb_down No