Symantec IGA

  • Private Community
Back to discussions
Expand all | Collapse all

Meltdown and Spectre vulnerabilities - Identity Manager, Governance, and Portal update

  • 1.  Meltdown and Spectre vulnerabilities - Identity Manager, Governance, and Portal update

    Posted Jan 08, 2018 04:13 PM

    Dear CA Customer:

    The purpose of this Critical Alert is to inform you of our status update regarding the Meltdown and Spectre vulnerabilities. Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.

     

    PRODUCT(S) AFFECTED: CA Identity Manager, CA Identity Portal, CA Identity Governance      RELEASES: all

     

    PROBLEM DESCRIPTION:

    CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 have been recently identified in industry-wide "multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update."

    Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

     

    SYMPTOMS:
    "An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Additional exploits for other architectures are also known to exist. These include IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian)."

    Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

     

    IMPACT:
    No specific impact to this product set, but please read on.

     

    WORKAROUND:
    There is currently no known workaround for this issue.

     

    PROBLEM RESOLUTION:
    There is currently no resolution to this issue.  Customers are advised to apply vendor-provided patches as they become available.

    As more information becomes available from third-party vendors, CA will issue additional notifications to advise customers of potential resolutions and next steps for updating any CA components if necessary.

    If you have any questions about this Critical Alert, please contact CA Support.
     
    Thank you,

    CA Support Team

    Copyright © 2017 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.