CVE-2021-41617 Security vulnerability for RSA Authentication Manager 8.6.x
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.6.x
Vulnerability : CVE-2021-41617: OpenSSH security vulnerability
CVE Identifier(s)
Link to Advisories
Alert Impact
Impacted - Apply RSA Remedy
Resolution
Upgrade to 8.7 P1
Addressed in SLES 12 SP5 for package openssh >= 7.2p2-78.13.1.
RSA Authentication Manager 8.7 P1 uses version 7.2p2-78.13.1 and so includes the fix for CVE-2021-41617.
Reference: https://www.suse.com/security/cve/CVE-2021-41617.html
Notes
Even without the fix, there is no impact from this issue since RSA Authentication Manager does not configure SSH in the manner required for the vulnerability to exist.
Also, remember that the SSH interface is not enabled by default and RSA recommends that customers DO NOT enable this interface unless required for maintenance and then disable it when maintenance is complete.
Disclaimer
Related Articles
Spring-related vulnerabilities for RSA Authentication Manager Number of Views RSA Authentication Manager CVE-2016-0800 "DROWN" Vulnerability - False Positive Number of Views Infineon Trusted Platform Module (TPM) Vulnerability (CVE-2017-15361) Impact on RSA Products Number of Views Bash bug Vulnerability (Shellshock) in RSA products Number of Views Security vulnerabilities CVE-2020-14882, CVE-2020-14883 and CVE-2020-14750, others in WebLogic an internal component in We… Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
