CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases. Continue reading...
