Is Access Manager vulnerable to CVE-2015-3194 (Certificate verify crash with missing PSS parameter)

  • 7017046
  • 04-Dec-2015
  • 22-Jul-2016

Environment

NetIQ Access Manager 4.0
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
CVE-2015-3194 (https://www.openssl.org/news/secadv/20151203.txt)

Situation

A new vulnerability (CVE-2015-3194) has been reported at https://www.openssl.org/news/secadv/20151203.txt that is specific to the certificate verification process. NAM does use this process - is NAM vulnerable to this threat as it frequently needs to verify certificates?

Resolution

NAM is not vulnerable to this threat as it's components do not verify the x509 certs using the openssl implementation.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.