Reset Search
 

 

Article

JSA10325 - CERT-CSA Option Vulnerability, Released 3/10/03

« Go Back

Information

 
Product AffectedPlease see attached .pdf file for complete list of impacted products.
Problem
If you have configured CSA in "Enabled" mode for one or more groups, then it is possible for an authenticated user in one of those groups to access servers that are not listed in the "Application List". If you have configured CSA in "Enabled, and user can add applications" mode or configured in "Disabled" mode then there is no exposure.
Solution
Please see attached .pdf file for complete bulletin text.
Workaround
Implementation
All customers running any PCS Software version earlier than 3.3.1 GA Patch 1 (build 5847) should upgrade to 3.3.1 GA Patch 1. All customers running 4.0 GA (build 5531) should upgrade to 4.0 GA Patch 1 (build 5871).
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert TypePSN - Product Support Notification
Risk Level 
Attachment 1
Attachment 2 
Legacy IDPSN-2004-07-008, JSA10325

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255