Message Image

Skip main navigation (Press Enter).

Symantec Privileged Access Management

View Only

Back to discussions

Expand all | Collapse all

Is CA PAM and PAM client vulnerable to Spring4Shell RCE CVE-2022-22963 and CVE-2022-22965?

Nurul AsyirahApr 01, 2022 04:34 AM

Hi Experts, This is regarding PAM version 3.4.2, 3.4.6, 4.0.1 and 4.0.2 If it is affected by these ...

Ralf PriglApr 04, 2022 02:27 PM

Hello Nurul, Please consult the following URL: Symantec Security Advisory for Spring Framework CVE-2022-22965 ...

1. Is CA PAM and PAM client vulnerable to Spring4Shell RCE CVE-2022-22963 and CVE-2022-22965?

0 Recommend
Nurul Asyirah
Posted Apr 01, 2022 04:34 AM

Reply Reply Privately
Hi Experts,

This is regarding PAM version 3.4.2, 3.4.6, 4.0.1 and 4.0.2

If it is affected by these CVE, how do we mitigate it?

Thank you.
Syera
2. RE: Is CA PAM and PAM client vulnerable to Spring4Shell RCE CVE-2022-22963 and CVE-2022-22965?

0 Recommend
Broadcom Employee

Ralf Prigl
Posted Apr 04, 2022 02:27 PM

Reply Reply Privately
Hello Nurul, Please consult the following URL:
Symantec Security Advisory for Spring Framework CVE-2022-22965
PAM is listed under products that are not vulnerable. This lists CVE-2022-22965 only. We are checking whether it is meant to cover CVE-2022-22963 as well.

Original Message

Copyright 2019. All rights reserved.

Powered by Higher Logic