CVE-2014-3518 JBoss vulnerability with CA Process Automation

Document ID : KB000030105
Last Modified Date : 14/02/2018
Show Technical Document Details

The CVE-2014-3518 vulnerability for JBoss is a concern because jmx-remoting.sar is deployed by CA Process Automation.

Information about this vulnerability is provided here: CVE-2014-3518

To resolve this for CA Process Automation, please do the following:

1. Stop all CA Process Automation Orchestrators

2. Delete the jmx-remoting.sar folder located in %PAM_HOME%/server/c2o/deploy

3. Restart the CA Process Automation Orchestrators

Attached is a test tool from RedHat - CVE-2014-3518-bin.zip - with instructions on running this test to verify that the vulnerability has been removed.

There is also more information here: https://access.redhat.com/solutions/1120423 specific to the vulnerability and verification.

Subsequent upgrades of CA Process Automation will not redeploy this folder. This folder is only deployed during the initial installation of the product.

File Attachments:
TEC1217014.zip