Is Applications Manager impacted by CVE-2026-4176?

Article ID: 440599


Products

CA Automic Applications Manager (AM)

Issue/Introduction

Vulnerability scans may flag CA Automic Applications Manager (AM) for CVE-2026-4176 due to the presence of affected Perl versions.

CVE-2026-4176 Summary:

CVE-2026-4176 is described as a critical supply chain vulnerability (CWE-1395) affecting multiple versions of Perl.

Affected Perl versions ship with a compromised version of the Compress::Raw::Zlib module containing a vulnerable internal copy of the zlib library.

This exposes systems to CVE-2026-3381 (RCE) and CVE-2026-27171 (DoS via uncontrolled right shifts in x2nmodp).

Public Proof-of-Concept (PoC) exploits have not yet been reported.

This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) Catalog.

These vulnerabilities are listed in the European Union's Vulnerability Database under the identifiers EUVD-2026-17044, EUVD-2026-9520, and EUVD-2026-8063.

Environment

Applications Manager 9.5+ (Windows OS)

The vulnerability spans a wide range of Perl versions:

- Perl 5.9.4 through 5.40.4-RC1
- Perl 5.41.0 through 5.42.2-RC1
- Perl 5.43.0 through 5.43.9

Cause

Applications Manager ships with the following versions on Windows only:

AM version 9.5 to 9.5.1 ships with Perl version 9.34.0
AM version 9.5.2 to 9.6.1 ships with Perl version 9.38.2
AM version 9.6.2 ships with Perl version 9.42.0

Resolution

Solution 

For Applications Manager on Unix/Linux, Perl has not been included in the install binary since version 9.4. No action is required in Applications Manager. Refer to your OS administrator for recommendations and/or to upgrade the system-level Perl version, as Perl is required for Applications Manager functionality.

For Applications Manager on Windows, a fixed version of Perl will be included in Applications Manager 9.6.3.

Workaround

For Windows, you can install your own version of Perl. Please refer to your OS administrator for more information. To apply the changes:

  1. Install and configure the required Perl version, then confirm that you can call the perl executable and see its version by opening a CMD window and running the command "perl -v".
  2. Delete the perl executable and dll file from the %AW_HOME%\c directory.
  3. Copy the perl executable from the new Perl installation to the %AW_HOME%\c directory.
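
To confirm that the Perl you install in step 1 (or the copy left in %AW_HOME%\c after step 3) falls outside the affected ranges listed under Environment, the version reported by "perl -v" can be compared against those ranges. The PowerShell below is an added example, not code from Broadcom or from Applications Manager. The function names are hypothetical, the file name perl.exe is an assumption, and the script assumes the "perl -v" banner contains the version in the form "(v5.x.y)".

```powershell
# Affected ranges as listed in this article (bounds are inclusive).
$AffectedRanges = @(
    @{ Low = '5.9.4';  High = '5.40.4-RC1' },
    @{ Low = '5.41.0'; High = '5.42.2-RC1' },
    @{ Low = '5.43.0'; High = '5.43.9' }
)

# Turn "5.40.4" or "5.40.4-RC1" into a comparable [version] value.
# A release candidate must sort BEFORE the final release of the same number,
# so final releases get the largest possible fourth field.
function ConvertTo-PerlSortKey {
    param([Parameter(Mandatory)][string]$Version)
    if ($Version -match '^v?(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?$') {
        $rc = if ($null -ne $Matches[4]) { [int]$Matches[4] } else { [int]::MaxValue }
        return [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3], $rc)
    }
    throw "Unrecognised Perl version string: '$Version'"
}

# True when the version lies inside any range listed in the article.
function Test-PerlAffected {
    param([Parameter(Mandatory)][string]$Version)
    $key = ConvertTo-PerlSortKey $Version
    foreach ($r in $AffectedRanges) {
        $low  = ConvertTo-PerlSortKey $r.Low
        $high = ConvertTo-PerlSortKey $r.High
        if ($key -ge $low -and $key -le $high) { return $true }
    }
    return $false
}

# Run "<perl> -v" and extract the x.y.z version from the banner.
function Get-PerlVersion {
    param([string]$PerlPath = 'perl')
    $banner = (& $PerlPath -v 2>&1 | Out-String)
    if ($banner -match '\(v(\d+\.\d+\.\d+)\)') { return $Matches[1] }
    throw "Could not read a version from '$PerlPath -v'"
}

# Constructed sample versions, not taken from any real host.
foreach ($v in '5.38.2', '5.40.4-RC1', '5.40.4', '5.43.9', '5.44.0') {
    '{0,-12} in affected range: {1}' -f $v, (Test-PerlAffected $v)
}

# On an Applications Manager host (perl.exe is an assumed file name):
#   Test-PerlAffected (Get-PerlVersion "$env:AW_HOME\c\perl.exe")
```

A result of False only means the version is outside the ranges listed in this article; the banner does not reveal a release-candidate suffix, so an RC build should be checked by passing its full version string to Test-PerlAffected directly.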