To: Symantec SiteMinder (previously CA Single Sign-On) Customers

This notice is to alert you to the availability of patches and instructions regarding the vulnerability CVE-2020-9484 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484 and https://nvd.nist.gov/vuln/detail/CVE-2020-9484).   This vulnerability is rated at 7.0 High Severity.

SiteMinder embeds Apache Tomcat in the SiteMinder Access Gateway and the SiteMinder Agent for SharePoint.   Patches and deployment instructions for the following versions of these SiteMinder components are being made available via this location

https://support.broadcom.com/external/content/release-announcements/CA-Single-Sign-On-Hotfix-Cumulative-Release-Index/6544#SMWAM

When you reach that location, search on “9484” and you will find a link to deployment instructions and to the patches for each of these:

• Access Gateway (previously SPS) versions 12.7.01, 12.7.02, 12.8.02, 12.8.03
• Agent for SharePoint version 12.52 SP1 CR10

The recently released SiteMinder 12.8.04 Access Gateway has the patch already incorporated.

If you have questions please contact Broadcom Support:

https://www.broadcom.com/support/services-support/ca-support/contact-support?intcmp=footernav