Important Security Notice
For Unicenter™ Management Portal Customers

The Computer Associates (CA) Technical Support team wants to alert our valued Unicenter™ Management Portal customers about a potential security problem using their Unicenter™ Management Portal solution in combination with Tomcat servers 3.3.1 and earlier. Under certain circumstances, remote users may be able to retrieve listings of directories and contents of files for which they are not authorized. The security vulnerability does not exist within the Unicenter Management Portal™ product, but within the Tomcat Server that ships with Unicenter Management Portal™.

After evaluating the problem, CA Technical Support feels the risk to Unicenter™ Management Portal customers is moderate. We advise our customers to examine the product-specific solution available on StarTCC for Unicenter™ Management Portal.

In addition, customers can read the information available at: http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a to fully determine for themselves how this problem could compromise the security of their corporate computing environments.

Note: Tomcat 3.3.1a has not been officially certified for use with the Unicenter Management Portal™. Clients using the Tomcat server who decide to upgrade should upgrade to Tomcat version 4.0.6.

We are proactively providing you with this information because the continued success of your business is important to us.