Issued: February 12, 2019
Last Updated: February 20, 2019
CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA has published solutions to address the vulnerability.
CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the jk-manager and jk-status web service components, which allows a remote attacker to access the CA PAM Web-UI without authentication.
CA Privileged Access Manager 3.2.1 and prior releases
CA Privileged Access Manager 3.1.2 and prior releases
CA Privileged Access Manager 3.0.x
How to determine if the installation is affected
Customers may check the version of the product to determine if they are running a vulnerable release.
Updates are available on the CA Privileged Access Manager Solutions & Patches page.
CA Privileged Access Manager 3.2.1 and prior releases:
Update to CA Privileged Access Manager 3.2.2 or later
CA Privileged Access Manager 3.1.2 and prior releases:
Update to CA Privileged Access Manager 3.1.3 or later
CA Privileged Access Manager 3.0.x:
Contact CA support for guidance
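The version check and update guidance above can be applied to an appliance inventory in one pass. The following Python is an added example, not CA's code and not part of the original advisory. It assumes versions are dotted numeric strings compared on their first three components, and that branches older than 3.0 fall under "3.2.1 and prior releases"; the hostnames and versions in the sample are constructed.

```python
import re

# Fixed release per branch, as listed in the advisory.
FIXED = {(3, 2): (3, 2, 2), (3, 1): (3, 1, 3)}

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def triage(version_text):
    """Map a version string to (status, action) for CVE-2019-7392."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", "Confirm the installed version manually")
    if v[:2] == (3, 0):
        # The advisory lists no fixed 3.0.x release.
        return ("affected", "Contact CA support for guidance")
    if v[:2] == (3, 1):
        fixed = FIXED[(3, 1)]
    else:
        # Assumption: branches older than 3.0 fall under "3.2.1 and prior".
        fixed = FIXED[(3, 2)]
    if v < fixed:
        return ("affected", "Update to %d.%d.%d or later" % fixed)
    return ("fixed", "No action required for this CVE")

def triage_inventory(inventory):
    """Return {host: (status, action)} for a {host: version} mapping."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "pam-a": "3.2.1", "pam-b": "3.2.2", "pam-c": "3.1.2",
    "pam-d": "3.0.4", "pam-e": "2.8.3", "pam-f": "n/a",
}

if __name__ == "__main__":
    for host, (status, action) in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host}: {status} - {action}")
```

Entries reported as "unknown" should be checked by hand rather than treated as unaffected.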
CVE-2019-7392 - CA Privileged Access Manager jk-manager and jk-status access
CVE-2019-7392 - Bob Brust
Version 1.0: 2019-02-12 - Initial Release
Version 2.0: 2019-02-20 - Added direct link to solution download page
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.
Copyright © 2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.