Advisory regarding vulnerabilities reported by Oracle Java CVEs for applications running untrusted code
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
However, a scanner can still detect this vulnerability on RSA Authentication Manager servers, such vulnerabilities are like the Oracle Java SE Multiple Vulnerabilities (January 2023 CPU) Plugin ID: 170161, and this article addresses concerns relating to vulnerabilities with a similar description.
Resolution
This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.The RSA Authentication Manager is a server-side application that loads and runs only trusted code (not code from web applets, web sites, etc). The RSA Authentication Manager is not a client application running untrusted code or relying upon the Java sandbox for security.
Hence any concerns regarding vulnerabilities with the above description are regarded as false positives with RSA Authentication Manager.
Related Articles
Spring-related vulnerabilities for RSA Authentication Manager Number of Views KCA Apache web server showing security vulnerability with scan due patch level/version Number of Views Security vulnerabilities CVE-2020-14882, CVE-2020-14883 and CVE-2020-14750, others in WebLogic an internal component in We… Number of Views Best practices for running vulnerability scans against RSA Authentication Manager 8.x Number of Views Multiple Apache Tomcat Vulnerabilities in RSA Authentication Manager - False Positive Number of Views
Don't see what you're looking for?
