Issue:
A vulnerability scan against CA PAM 2.5.X appliances detects several vulnerabilities associated with splunk forwarder version 6.2.3 listening on port 8089, see CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793.
Cause:
CA PAM uses a Splunk Forwarder running on the appliance for integration with Splunk. By default the Splunk Forwarder listens on all interfaces exposing any vulnerabilities associated with it.
Workaround:
If you cannot upgrade to CA PAM 2.6 at this time to resolve the problem, a patch is available on request to eliminate port access from the network. Open a support ticket and request the patch. This will not impact the Splunk integration.
Solution:
Upgrade to CA PAM 2.6.
Hi,
I am encountering similar situation now during a VA scan. May I ask how can I access to this particular patch as it is not possible to upgrade to 2.6 at this moment. Project is due to commence next week.
Pls assist. Thanks