Update: CA20121220-01: Security Notice for CA IdentityMinder

Update: CA20121220-01: Security Notice for CA IdentityMinder

A recently published security notice for CA IdentityMinder (CA20121220-01: Security Notice for CA IdentityMinder) has been updated.  The update includes a major revision to the section entitled “How to determine if the installation is affected”.

Revised content:
How to determine if the installation is affected

All versions of CA IdentityMinder r12.0, r12.5 prior to SP15, and r12.6 GA are vulnerable.

You can confirm that patches have been successfully applied by checking the dates associated with the following IdentityMinder jar files (the jar files are created in the patch output sub-folder structure in the root folder from which you have run the patch utility):

CA IdentityMinder r12.0 CR16 and earlier – user_console.jar
CA IdentityMinder r12.5 SP1 thru SP6 – user_console.jar
CA IdentityMinder r12.5 SP7 thru SP14 – user_console.jar & imsapi6.jar
CA IdentityMinder r12.6 GA –  user_console.jar & imsapi6.jar

The dates on these jar files will be set to the date on which the patch was applied.

CA20121220-01: Security Notice for CA IdentityMinder


Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies. 

The following two tabs change content below.

Ken Williams

Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst & Young, and founder of Packet Storm Security.

Leave a Reply