Computer Associates Threat Manager Remote Information Disclosure Vulnerability

Bugtraq ID:	26012
Class:	Access Validation Error
CVE:	CVE-2007-5439
Remote:	Yes
Local:	No
Published:	Oct 10 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Michal Bucko is credited with the discovery of this issue.
Vulnerable:	Computer Associates Threat Manager r8.1
Not Vulnerable:

Computer Associates Threat Manager Remote Information Disclosure Vulnerability

Computer Associates Threat Manager is prone to a remote information-disclosure vulnerability because it fails to restrict access to certain files.

Attackers can exploit this issue to obtain potentially sensitive data that could aid in further attacks.

Threat Manager r8.1 is vulnerable; other versions may also be affected.

Computer Associates Threat Manager Remote Information Disclosure Vulnerability

Attackers can exploit this issue via a web browser.

Computer Associates Threat Manager Remote Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Computer Associates Threat Manager Remote Information Disclosure Vulnerability

References:

• CA eTrust ITM Remote Sensitive Information Disclosure (Eleytt)
  
• Computer Associates Homepage (Computer Associates)
  
• [ELEYTT] 10PAZDZIERNIK2007 ("Michal Bucko" )