CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities exist that can allow an attacker to conduct a variety of attacks. The first vulnerability has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information. The second vulnerability has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information. The third vulnerability has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks. The fourth vulnerability has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks. The fifth vulnerability has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.
56596d04b0760af3b1ed7bb22efd65a2422f2f3e1c4e000cf923bc45f8224959