Layer 7 Access Management

Tech Tip : CA Single Sign-On : Potential Oracle Vulnerability with CA SSO

  • 1.  Tech Tip : CA Single Sign-On : Potential Oracle Vulnerability with CA SSO

    Posted 11-26-2018 05:21 AM

    Question

     

    We're runnning CA Single Sign-On 12.7 and we'd like to know if this Oracle
    Vulnerability reports apply to it.

     

    Credit Statement

     

    https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

     

    Answer:

     

    CA Single Sign-On does include only this Oracle software :

     

    Third-Party Software Acknowledgments

     

    Oracle

     

    Oracle Java Runtime Environment (JRE) 1.8.0_72
    Oracle JDK (Java Development Kit) 1.8.0_77

     

    https://docops.ca.com/ca-single-sign-on/12-7/en/third-party-software-acknowledgments

     

    which are related to the AdminUI.

     

    Looking at the 12 reported problem with Java SE, I see none affecting
    the JRE nor JDK 1.8.0_72 and 1.8.0_77.

     

    CVE-2018-3183 java 8u181 and 11
    CVE-2018-3209 java 8u182
    CVE-2018-3169 java 7u191, 8u182 and 11
    CVE-2018-3149 Java 6u201, 7u191, 8u182 and 11
    CVE-2018-3211 java 8u181, 8u182 and 11
    CVE-2018-3180 java 6u201, 7u191, 8u181, 8u182 and 11
    CVE-2018-3214 java 6u201, 7u191, 8u181 and 8u182
    CVE-2018-3157 java 11
    CVE-2018-3150 java 11
    CVE-2018-13785 java 6u201, 7u191, 8u181, 8u182 and 11
    CVE-2018-3136 java 6u201, 7u191, 8u181, 8u182 and 11
    CVE-2018-3139 java 6u201, 7u191, 8u181, 8u182 and 11

     

    https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA

     

    KB : KB000121500