apmsso library Vulnerability


Article ID: 436525


Products

DX SaaS

Issue/Introduction

Vulnerability TEN-182873: The version of libcurl installed on the host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program that uses libcurl, if a specific series of conditions is met.

  Path              : /opt/CA/CA_APM_SSO_13.4.4/bin/libcurl.so
  Installed version : 8.0.1
  Fixed version     : 8.4.0

  Path              : /opt/CA/CA_APM_SSO_13.4.4/bin/libcurl.so.4.8.0
  Installed version : 8.0.1
  Fixed version     : 8.4.0

Resolution

This resolution applies to Linux 64-bit with SiteMinder 64-bit.

If the above information is correct for your environment, please review the following knowledge base article.

APMSSO libcurl vulnerability

That knowledge base article is also valid in your case if the environment matches.

As that document indicates, a 64-bit environment does not use the library that is installed with apmsso.

 

Please take the following steps, and validate them in a test environment before implementing them in the PROD environment.

Make a backup copy of these libraries at another location that you can exclude from the scan (for example, another server).

Delete these libraries under the apmsso location.

Run the security scan again.

Validate that apmsso continues to function correctly.
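
The backup and delete steps above, as an added shell example (not the vendor's script): it refuses to delete a library that a running process still has mapped, and compares each backup copy with the original before removal. The library names and install path come from the scan output; `BACKUP_DIR`, `LIBS` and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. APMSSO_BIN and the library names come from the
# scan output above; BACKUP_DIR is an assumed location excluded from the scan.
APMSSO_BIN="${APMSSO_BIN:-/opt/CA/CA_APM_SSO_13.4.4/bin}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/apmsso-libcurl}"
LIBS="libcurl.so libcurl.so.4.8.0"

# Print the PID of every process that has the file (symlinks resolved) mapped.
pids_mapping() {
    local target maps pid
    target=$(readlink -f -- "$1") || return 1
    for maps in /proc/[0-9]*/maps; do
        # Field 6 of a maps line is the backing file; match it exactly.
        awk -v t="$target" '$6 == t { hit = 1 } END { exit !hit }' "$maps" 2>/dev/null || continue
        pid=${maps#/proc/}
        echo "${pid%/maps}"
    done
}

# Back up the flagged libraries, verify the copies, then delete the originals.
# Returns 1 = nothing found or copy failed, 2 = library in use, 3 = backup mismatch.
backup_and_remove() {
    local src="$1" dest="$2" name users found=0
    for name in $LIBS; do
        [ -e "$src/$name" ] || [ -L "$src/$name" ] || continue
        found=1
        users=$(pids_mapping "$src/$name")
        if [ -n "$users" ]; then
            echo "still mapped, not removing $src/$name: PIDs" $users >&2
            return 2
        fi
    done
    [ "$found" -eq 1 ] || { echo "no flagged libraries under $src" >&2; return 1; }
    mkdir -p -- "$dest" || return 1
    for name in $LIBS; do
        [ -e "$src/$name" ] || [ -L "$src/$name" ] || continue
        cp -a -- "$src/$name" "$dest/" || return 1
    done
    for name in $LIBS; do
        [ -f "$src/$name" ] && [ ! -L "$src/$name" ] || continue
        cmp -s "$src/$name" "$dest/$name" || return 3
    done
    for name in $LIBS; do rm -f -- "$src/$name"; done
}

if [ "${1:-}" = "--run" ]; then
    backup_and_remove "$APMSSO_BIN" "$BACKUP_DIR"
fi
```

Run it as root so that every process's `maps` file is readable. The security rescan and the functional validation of apmsso remain manual steps.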