This notice is to alert you to the availability of patches and instructions regarding the Ghostcat vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938 and https://nvd.nist.gov/vuln/detail/CVE-2020-1938). This vulnerability is rated at 9.8 Critical Severity. Please give this high attention.
Symantec IGA uses Apache Tomcat in the Virtual Appliance and makes use of the Apache JServ Protocol (AJP). Patches and deployment instructions for the following versions of these Virtual Appliance components are being made available via these location:
14.3:
14.2:
14.1:
Note that the method to exploit this vulnerability is not described in the CVE detail. However, in order to provide a higher level of assurance to our customers we are providing these patches.
If you have questions please contact Broadcom Support:
https://www.broadcom.com/support/services-support/ca-support/contact-support?intcmp=footernavThanks in advance
Itamar Budin
Product Management Lead - Identity Governance & Administration | Symantec Software Division
Symantec, A Broadcom Company