CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
BID:103742
CVE-2018-8953 | CVE-2018-8954 |Info
CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
| Bugtraq ID: | 103742 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-8953 CVE-2018-8954 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2018 12:00AM |
| Updated: | Mar 29 2018 12:00AM |
| Credit: | Hamed Merati and Kacper Nowak from Sense of Security Labs |
| Vulnerable: |
Ca Workload Control Center r11.4 SP5 Ca Workload Control Center r11.4 Ca Workload Automation AE r11.3.6 SP6 Ca Workload Automation AE r11.3.6 Ca Workload Automation AE r11.3.5 Ca Workload Automation AE r11.3.0 |
| Not Vulnerable: |
Ca Workload Control Center r11.4 SP6 Ca Workload Automation AE r11.3.6 SP7 |
Discussion
CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
CA Workload Automation AE and Workload Control Center are prone to multiple security vulnerabilities.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to execute arbitrary code.
The following products and versions are vulnerable:
Workload Automation AE r11.3.5, r11.3.6 SP6 and prior
Workload Control Center r11.4 SP5 and prior
CA Workload Automation AE and Workload Control Center are prone to multiple security vulnerabilities.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to execute arbitrary code.
The following products and versions are vulnerable:
Workload Automation AE r11.3.5, r11.3.6 SP6 and prior
Workload Control Center r11.4 SP5 and prior
Exploit / POC
CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
CA Workload Automation AE and Workload Control Center Multiple Security Vulnerabilities
References:
References:
- CA Homepage (CA Technologies)
- CA20180329-01: Security Notice for Workload Automation AE and Workload Control (CA)