A vulnerability scan against CA PAM 2.5.X appliances detects several vulnerabilities associated with splunk forwarder version 6.2.3 listening on port 8089, see CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793.
CA PAM uses a Splunk Forwarder running on the appliance for integration with Splunk. By default the Splunk Forwarder listens on all interfaces exposing any vulnerabilities associated with it.
If you cannot upgrade to CA PAM 2.6 at this time to resolve the problem, a patch is available on request to eliminate port access from the network. Open a support ticket and request the patch. This will not impact the Splunk integration.
Upgrade to CA PAM 2.6.
I am encountering similar situation now during a VA scan. May I ask how can I access to this particular patch as it is not possible to upgrade to 2.6 at this moment. Project is due to commence next week.
Pls assist. Thanks