Tech Tip - CA Privileged Access Manager: Vulnerability scan against CA PAM 2.5.X appliance reports vulnerable Splunk Forwarder listener

Document created by prira01 (Employee) on Jul 15, 2016. Last modified by kristen.palazzolo on Dec 17, 2016.
Version 3

Issue:

A vulnerability scan against CA PAM 2.5.X appliances reports several vulnerabilities associated with Splunk Forwarder version 6.2.3 listening on port 8089: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 and CVE-2015-1793.

Cause:

CA PAM uses a Splunk Forwarder running on the appliance for integration with Splunk. By default, the Splunk Forwarder listens on all interfaces, which exposes any vulnerabilities associated with it.

Workaround:

If you cannot upgrade to CA PAM 2.6 at this time, a patch that eliminates access to the port from the network is available on request. Open a support ticket and request the patch. The patch does not impact the Splunk integration.

Solution:

Upgrade to CA PAM 2.6.
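
To confirm that the workaround patch or the 2.6 upgrade removed network access to the listener, the following check tests TCP port 8089 from another host on the network. It is an added example, not CA tooling; the function names are hypothetical and the default address 192.0.2.10 is a constructed placeholder for your appliance address.

```python
#!/usr/bin/env python3
"""Check from a network host whether the Splunk Forwarder listener
(TCP 8089) on a CA PAM appliance is still reachable.
Added example; appliance addresses are supplied by the operator."""
import socket
import sys

SPLUNK_FORWARDER_PORT = 8089  # port named in the scan finding


def port_state(host, port=SPLUNK_FORWARDER_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     - handshake completed: the listener is still exposed
    closed   - connection refused: nothing listens on that interface
    filtered - no usable answer (timeout, unreachable, name not resolved)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and resolution errors
        return "filtered"


def audit(hosts, port=SPLUNK_FORWARDER_PORT, timeout=3.0):
    """Map each appliance address to its state and list those still exposed."""
    results = {h: port_state(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # 192.0.2.10 is a constructed placeholder (TEST-NET-1), not a real appliance.
    targets = sys.argv[1:] or ["192.0.2.10"]
    results, exposed = audit(targets)
    for host, state in results.items():
        print(f"{host}:{SPLUNK_FORWARDER_PORT} {state}")
    # Non-zero exit when any appliance still accepts connections on 8089.
    sys.exit(1 if exposed else 0)
```

Run it from the same network segment as the vulnerability scanner, against every interface address of the appliance. Either `closed` or `filtered` means the port is no longer reachable from that vantage point; `open` means the listener is still exposed.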
