Key Information Summary Vulnerability Advisory Number: CA20190523-01 Advisory Title: Security Notice for CA Risk Authentication and CA Strong Authentication Release Date: May 23, 2019 Update Date: May 23, 2019 Vulnerability Details Multiple Potential Risks: Affects CA Risk Authentication and CA Strong Authentication products. Risk Type: Multiple vulnerabilities exist, potentially allowing remote attackers to gain additional access privileges or obtain sensitive information. Vulnerability List CVE-2019-7394: Caused by insufficient custom privilege validation. CVE-2019-7393: May lead to user interface redirection attacks. Risk Rating Medium Affected Platforms All supported platforms Affected Products CA Risk Authentication: 9.0, 8.x, 3.1 CA Strong Authentication: 9.0, 8.x, 7.1 Solution Customers should verify whether relevant fixes have been applied. Solutions are available on the CA Support Website. Released Patches CA Risk Authentication 9.0, CA Strong Authentication 9.0: SS08146 CA Risk Authentication 8.x, CA Strong Authentication 8.x: SS08143 CA Risk Authentication 3.1: SS08144 CA Strong Authentication 7.1: SS08145 Additional Information Contact CA Technical Support: For more information, visit the official support page. Report Vulnerabilities: Use the designated email address to report vulnerabilities.