Published:
May 28 2013, 06:52 PM
|
no comments
by
Kevin Kotas
We published a new security notice today for products that use CA Process Automation. The notice addresses a high-risk remote code execution vulnerability. Remediation is available. See below for further information. CA20130528-01: Security Notice for CA Process Automation (CA PAM) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={2E258599-2A95-4D56-9C0C-BEFA4FB904FE} Kevin Kotas Director, CA Technologies Product Vulnerability Response Team The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.
Read more...
By: Kevin Kotas
Kevin Kotas is a Director of the CA Product Vulnerability Response Team. He has over fifteen years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina State...
Read More..
Published:
April 29 2013, 11:46 AM
|
no comments
by
Kevin Kotas
We published a new version of the following notice today. ControlMinder customers are urged to review the latest recommendations and release notes. CA20130213-01: Security Notice for CA ControlMinder https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A6F2B559-F02D-4FCE-B3BF-C743219D4A27} Kevin Kotas Director, CA Technologies Product Vulnerability Response Team The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.
Read more...
By: Kevin Kotas
Kevin Kotas is a Director of the CA Product Vulnerability Response Team. He has over fifteen years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina State...
Read More..
Published:
March 19 2013, 08:53 PM
|
no comments
by
Kevin Kotas
I published a new security notice today for SiteMinder products. The notice concerns a high risk set of vulnerabilities that deal with SAML. We are not currently aware of any exploitation of these vulnerabilities. Solutions are available. CA20130319-01: Security Notice for SiteMinder products using SAML https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5} Kevin Kotas Director, CA Technologies Product Vulnerability Response Team The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.
Read more...
By: Kevin Kotas
Kevin Kotas is a Director of the CA Product Vulnerability Response Team. He has over fifteen years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina State...
Read More..
Published:
February 13 2013, 11:27 AM
|
no comments
by
Kevin Kotas
A new security notice for CA ControlMinder is now available. The notice concerns a publicly known and high risk vulnerability for the bundled JBoss Application Server. Fixes are available. See the notice below for more information. CA20130213-01: Security Notice for CA ControlMinder https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A6F2B559-F02D-4FCE-B3BF-C743219D4A27} Kevin Kotas Director, CA Technologies Product Vulnerability Response Team The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.
Read more...
By: Kevin Kotas
Kevin Kotas is a Director of the CA Product Vulnerability Response Team. He has over fifteen years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina State...
Read More..
Published:
January 18 2013, 06:00 PM
|
no comments
by
Ken Williams
A recently published security notice for CA IdentityMinder (CA20121220-01: Security Notice for CA IdentityMinder) has been updated. The update includes a major revision to the section entitled "How to determine if the installation is affected". Revised content: How to determine if the installation is affected All versions of CA IdentityMinder r12.0, r12.5 prior to SP15, and r12.6 GA are vulnerable. You can confirm that patches have been successfully applied by checking the dates associated with the following IdentityMinder jar files (the jar files are created in the patch output sub-folder structure in the root folder from which you have run the patch utility): CA IdentityMinder r12.0 CR16 and earlier – user_console.jar CA IdentityMinder...
Read more...
By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Read More..