CA Technologies is alerting customers to a vulnerability in CA Harvest Software Change Manager. A vulnerability exists that can allow a privileged user to perform CSV injection attacks and potentially execute arbitrary code or commands. Note that this vulnerability is specific to the Harvest Workbench and Eclipse Plugin interfaces. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. A privileged user can potentially execute arbitrary code or commands. Versions affected include 13.0.3, 13.0.4, 14.0.0, and 14.0.1.
a4714b8adbe4fb471da29bb68b71fdc00d58ffcb406ca48c29511036eec88952CA Technologies is alerting customers to a vulnerability in CA Network Flow Analysis (NFA). A vulnerability exists that can allow an authenticated user to perform SQL injection attacks and access sensitive data. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. An authenticated user can potentially access sensitive data. CA Network Flow Analysis versions 9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, and 21.2.1 are affected.
ac424b7c3bbc5bd14124fdfa0a0135b53b40ccc7bbf324e6be554fb4183faa61CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a local attacker to elevate privileges. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
d584459baf29fba4ff9057c83367150af5798891d0007b141850d6ff2f84f528CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below along with 4.3.1 are affected.
bbbce1a3b7045cbd54fc2a306c012fa2c4f6c7730e766b2fc190b6abff8b3216CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below as well as 4.3.1 are affected.
6d265b473d801c6edbd64f1ac235a8448cf52134380927f18722ca0f0b0a1813CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Automic Sysload in the File Server component. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published solutions to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to a lack of authentication on the File Server port. A remote attacker may execute arbitrary commands. CA Automic Sysload versions 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, and 6.1.2 are affected.
7f9d760a9287eb2e921292fabe2942c4c7cd56f91f9cd5d68d19dab72173ab1eCA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.
2d0f5efc3794a546ccb3a1a16e6a7ffb08045f0e8c7fd8e494d47a2b7001e01dCA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.
4fc4b066351e50f874af68872fd64d5bec84276aff293512264657be23e122caCA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.
a4455b199d6346df10c220027991719705141f33a067ce43f7b651f5e6a4d79dCA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.
e96803cc63a6f3f9a3937d46a106a0ea76325469c5a8f0baba0c2727dc8b5776CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attacks or execute code remotely. The first vulnerability in CA Workload Automation AE has a medium risk rating and concerns insufficient data validation that can allow an authenticated remote attacker to conduct SQL injection attacks. The second vulnerability in CA Workload Control Center has a high risk rating and concerns an Apache MyFaces configuration that can allow an authenticated remote attacker to conduct remote code execution attacks.
6b08e25b22ed206c621e2b2509af3c001c02e5de10b5fd7a3c6fc36b019b3700CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.
401bc9e25b7ad17f38793debbf4334be9ee3ec63ae80d59175c80f5dfab7a0f5CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.
0653e6f753223236bc7e18d2e1538e854fd0951b8c497541ffb7dc11afb28484CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.
3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.
cd70166d5a87d345097aa5d535e0e71a59c770f9dfeb06ac3274b16b979bdcfdCA Technologies Support is alerting customers to a potential risk in CA 2E Web Option (C2WEB). A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attack. The vulnerability is due to a predictable session token. An unauthenticated attacker can manipulate a session token to gain privileged access to a valid session. CA Technologies has issued fixes to address the vulnerability.
247fe44dc1a90f28ce7172ae849a60bcf1082bf0a37c830c18c17a151f66419cCA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.
00c833f0f4bdb71ad9ab62c3e72c38e46850fe381f35445ff8191b02cd7c4a9cCA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.
d49452eb07c7dac5ca08b669f45a87e17032447b86a511ba9d8c52ea0e06bd22CA Technologies Support is alerting customers to two potential risks in CA License (also known as CA Licensing). Vulnerabilities exist that can allow a local attacker to execute arbitrary commands or gain elevated access. CA Technologies has issued patches to address the vulnerabilities.
a686e05a8022e290ebcb8cb2967e730ff4895e66d56870e96471d0865e095807CA Technologies Support is alerting customers to a potential risk in CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA SiteMinder Secure Proxy Server, and CA SiteMinder SharePoint Agent. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim's browser.
bee32b648c27b81d977c473a860c1af6b9a6ed55ee8678a203114d875ae45257CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
5f7582e4c67739253ed079afcbce2912fb91b1a5d275896bcb931df277369cf8CA Technologies support is alerting customers to a security risk associated with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to access credentials and execute arbitrary commands. CA Technologies has issued a patch to address the vulnerability. The vulnerability is due to improper session handling. A remote attacker can access credentials and execute arbitrary commands.
0f8690234c9458e89fba2a3b5ffd8ff10cb3e753bde1badebbde07e6bd6e2e20CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.
54d353436068f5967916378335b32cc7d35d97264b19d01f20dab55f3ff1a995
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed