CA PPM Multiple Security Vulnerabilities
BID:105297
CVE-2018-13822 | CVE-2018-13823 | CVE-2018-13824 | CVE-2018-13825 | CVE-2018-13826 |Info
CA PPM Multiple Security Vulnerabilities
| Bugtraq ID: | 105297 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-13823 CVE-2018-13824 CVE-2018-13825 CVE-2018-13826 CVE-2018-13822 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 29 2018 12:00AM |
| Updated: | Aug 29 2018 12:00AM |
| Credit: | Piotr Domirski |
| Vulnerable: |
Ca Project Portfolio Management 15.3 Ca Project Portfolio Management 15.2 Ca Project Portfolio Management 15.1 Ca Project Portfolio Management 14.4 Ca Project Portfolio Management 14.3 |
| Not Vulnerable: |
Ca Project Portfolio Management 15.4.1 Ca Project Portfolio Management 15.4 |
Discussion
CA PPM Multiple Security Vulnerabilities
CA PPM is prone to the following security vulnerabilities:
1. An information disclosure vulnerability
2. Multiple XML external entity vulnerabilities
3. Multiple SQL injection vulnerability
4. A cross-site scripting vulnerability
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass certain security restrictions or perform unauthorized actions in the context of the affected application and disclose sensitive information. Other attacks are also possible.
CA PPM is prone to the following security vulnerabilities:
1. An information disclosure vulnerability
2. Multiple XML external entity vulnerabilities
3. Multiple SQL injection vulnerability
4. A cross-site scripting vulnerability
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass certain security restrictions or perform unauthorized actions in the context of the affected application and disclose sensitive information. Other attacks are also possible.
Exploit / POC
CA PPM Multiple Security Vulnerabilities
An attacker can exploit this issue using readily available tools.
An attacker can exploit this issue using readily available tools.
Solution / Fix
CA PPM Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.