Computer Associates Unicenter Asset Management Multiple Vulnerabilities
BID:12702
Info
| Bugtraq ID: | 12702 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Mar 02 2005 12:00AM |
| Credit: | The vendor reported these issues. |
| Vulnerable: | Computer Associates Unicenter Asset Management 4.0 |
| Not Vulnerable: | |
Discussion
Unicenter Asset Management is reported prone to multiple vulnerabilities that may allow attackers to disclose sensitive information and carry out HTML injection and SQL injection attacks.
The following specific issues were identified:
It is reported that attackers with access to the admin console can disclose the masked SQL Admin password.
The application is also reported prone to an HTML injection vulnerability. This issue arises due to an input validation error and may allow remote attackers to execute arbitrary HTML and script code in a user's browser.
An SQL injection vulnerability exists in the application as well. This issue exists in the Query Designer and may allow remote attackers to inject malicious SQL code into imported files.
Unicenter Asset Management 4.0 for Windows is reported prone to these issues.
Exploit / POC
An exploit is not required to leverage these issues.
Solution / Fix
Solution:
The vendor has released a fix (QO64323) to address these issues.
Computer Associates Unicenter Asset Management 4.0
- Computer Associates QO64323: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323
References
References:
- UAM 40-CONSOLE SECURITY VULNERABILITIES (Computer Associates)
- Unicenter Asset Management Product Page (Computer Associates)