Layer 7 Privileged Access Management

Tech Tip - CA Privileged Access Manager: Vulnerability scan against CA PAM 2.5.X appliance reports vulnerable Splunk Forwarder listener 

07-15-2016 11:04 AM

Issue:

A vulnerability scan against CA PAM 2.5.X appliances detects several vulnerabilities associated with splunk forwarder version 6.2.3 listening on port 8089, see CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793.

 

Cause:

CA PAM uses a Splunk Forwarder running on the appliance for integration with Splunk. By default the Splunk Forwarder listens on all interfaces exposing any vulnerabilities associated with it.

 

Workaround:

If you cannot upgrade to CA PAM 2.6 at this time to resolve the problem, a patch is available on request to eliminate port access from the network. Open a support ticket and request the patch. This will not impact the Splunk integration.

 

Solution:

Upgrade to CA PAM 2.6.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

10-21-2016 06:46 AM

Hi,

I am encountering similar situation now during a VA scan. May I ask how can I access to this particular patch as it is not possible to upgrade to 2.6 at this moment. Project is due to commence next week.

Pls assist. Thanks

Related Entries and Links

No Related Resource entered.