Is Access Manager vulnerable to CVE-2015-3195 (X509_ATTRIBUTE memory leak)

  • 7017047
  • 04-Dec-2015
  • 04-Dec-2015

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0

Situation

When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines, so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

Is NAM affected by this?

Resolution

NAM uses PKCS12 content formats and is not affected by this vulnerability.