TSX Asynchronous Abort (TAA) CVE-2019-11135: Impact on RSA Products
On November 12, 2019, Intel shared information about a new mechanism, similar to Microarchitectural Data Sampling (MDS) referred to as “TAA” (Transactional Synchronization Extensions (TSX) Asynchronous Abort). This mechanism affects CPUs that support TSX and the mitigations include additional means to clear buffers in software or disable TSX for those customers who do not use this functionality. RSA is working closely with Intel to release security updates to address this vulnerability and help customers ensure the security of the data and systems. RSA urges customers to review this article for impact on RSA products.
RSA is assessing impact and this article will be updated with the remediation status for any RSA product that is impacted by these vulnerabilities.
RSA Product Name
RSA Authentication Manager (Hardware Appliance)
It is a single-user, root-user-only appliance. This issue does not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed.