BID:106689

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

CVE-2018-19634 | CVE-2018-19635 |

Info

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

Bugtraq ID:	106689
Class:	Design Error
CVE:	CVE-2018-19634 CVE-2018-19635
Remote:	Yes
Local:	No
Published:	Jan 17 2019 12:00AM
Updated:	Jan 17 2019 12:00AM
Credit:	Bui Duy Hiep
Vulnerable:	Ca Service Desk Manager 17 Ca Service Desk Manager 14.1

Not Vulnerable:	Ca Service Desk Manager 17.1.0.2 Ca Service Desk Manager 14.1.05.1

Discussion

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

CA Service Desk Manager is prone to privilege-escalation and information-disclosure vulnerabilities.

An attacker can exploit these issues to gain elevated privileges or obtain unauthorized access to the sensitive information.

Exploit / POC

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

CA Service Desk Manager Privilege Escalation and Information Disclosure Vulnerabilities

References:

CA Homepage (Computer Associates)
CA20190117-01: Security Notice for CA Service Desk Manager (CA)