AAF 6.3.4 Appliance and CVE-2020-12321

  • 7025095
  • 04-May-2021
  • 04-May-2021

Environment

Advanced Authentication 6.3 SP4
AA 6.3.4 
AAF Appliance

Situation

A vulnerability assessment run against AA 6.3.4 reports the appliance as vulnerable to CVE-2020-12321.

'SUSE Linux Enterprise Server 12-SP4-LTSS' is listed as an 'Affected' product in SUSE docs referenced in "additional information" below.

AAF 6.3.4 appliance uses SUSE 12 SP4.

Does this vulnerability affect Advanced Authentication?

Resolution

The Advanced Authentication appliance does not include all SLES RPMs. It includes just enough OS (JeOS) for what it needs to function. The RPM affected by the vulnerability is not installed on the AA appliance.

Even though the AA 6.3.4 appliance uses SLES 12 SP4 LTSS, it does not use the part of SLES affected by vulnerability CVE-2020-12321.

This is a false positive. We assume the scanner must be identifying the OS and not the actual RPM that is vulnerable.
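One way to confirm the package-level result on a host, as an added example (not vendor code): compare the affected package names from the advisory against the packages actually installed. The function names, file layout and the package name `example-affected-fw` are assumptions made for illustration; the real affected names come from the SUSE advisory.

```shell
#!/bin/sh
# Added example, not vendor code. Package names are constructed placeholders;
# take the real affected names from the SUSE advisory for the CVE.

# Installed package names, one per line (run this on the appliance itself).
installed_names() { rpm -qa --qf '%{NAME}\n' | sort -u; }

# affected_installed ADVISORY_LIST INSTALLED_LIST
# Prints each advisory package that is installed (exact name match).
# Status: 0 = at least one installed, 1 = none, 2 = unreadable input.
affected_installed() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    awk '
        FILENAME == ARGV[1] {                 # advisory list
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 != "") want[$0] = 1
            next
        }
        ($0 in want) { print; hit = 1 }       # installed list
        END { exit(hit ? 0 : 1) }
    ' "$1" "$2"
}

# verdict ADVISORY_LIST INSTALLED_LIST -> one-line triage result
verdict() {
    hits=$(affected_installed "$1" "$2") && rc=0 || rc=$?
    case $rc in
        0) echo "APPLIES: $(printf '%s' "$hits" | tr '\n' ' ')" ;;
        1) echo "FALSE-POSITIVE: no affected package installed" ;;
        *) echo "ERROR: cannot read input lists"; return 2 ;;
    esac
}

# Constructed demo: a minimal (JeOS-style) package set vs. a placeholder advisory.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'example-affected-fw   # placeholder name' > "$dir/advisory"
    printf '%s\n' bash glibc openssl systemd > "$dir/installed"
    verdict "$dir/advisory" "$dir/installed"; rc=$?
    rm -rf "$dir"
    return $rc
}

# With two file arguments, triage real lists; with none, run the demo.
if [ "$#" -eq 2 ]; then verdict "$1" "$2"; else demo; fi
```

On a real host, write the output of `installed_names` to a file and pass it as the second argument; the resulting line can be attached to the scanner finding as evidence for the exception.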

Additional Information