CA20130528-01 Security Notice for CA Process Automation CA PAM - CA Technologies
{{search ? 'Close':'Search'}}

CA20130528-01: Security Notice for CA Process Automation (CA PAM)

Issued: May 28, 2013
Last Updated: June 12, 2013

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability, CVE-2010-1871, occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

Risk Rating

High

Platform

All supported platforms

Affected Products

CA Process Automation 4.0
CA Process Automation 4.0 SP1
CA Process Automation 4.1
CA Process Management for Workflows 4.0
CA Process Management for Workflows 4.0 SP1
CA Process Management for Workflows 4.1

CA Technologies products that bundle this software include:

CA IT Asset Manager 12.8
CA Server Automation 12.7.1
CA Server Automation 12.8
CA Service Catalog 12.8
CA Service Desk Manager 12.5
CA Service Desk Manager 12.6
CA Service Desk Manager 12.7

Non-Affected Products

CA Process Automation 4.1 SP1*

*Note: If CA Process Automation 4.1 SP1 is installed as an upgrade to an existing vulnerable 4.x release, then the installation may still be vulnerable.

How to determine if the installation is affected

To determine whether the Seam component is installed and enabled, check for the following files. If the files are present, then the installation may be vulnerable.

Directory File
<PAM_Home>serverc2odeployers seam.deployer
<PAM_Home>serverc2odeployers webbeans.deployer
<PAM_Home>serverc2odeploy admin-console.war

 

Solution

CA Technologies has issued the following remediation to address the vulnerability.

For Process Automation 4.0, 4.0 SP1, 4.1 and Process Management for Workflows 4.0, 4.0 SP1, 4.1:
Apply the manual remediation steps described in TEC591669.

References

CVE-2010-1871

Change History

Version 1.0: Initial Release
Version 1.1: 2013-05-30 - Added Process Management for Workflows 4.0 to the Affected Products and Solution sections
Version 1.2: 2013-06-12 - Added Process Automation 4.1 SP1 to Non-Affected Products

If additional information is required, please contact CA Technologies Support at https://support.ca.com/.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing