CVE-2010-1223

Name of the Vulnerable Software and Affected Versions CA XOsoft versions r12.0 through r12.5

Description The issue allows remote attackers to execute arbitrary code. This can be achieved via a malformed request to the "ws man/xosoapapi.asmx" SOAP endpoint or by sending a long string to the "entry point.aspx" service.

Recommendations For versions r12.0 through r12.5, consider disabling the xosoapapi.asmx and entry point.aspx services until a patch is available to prevent remote code execution. Restrict access to these services to minimize the risk of exploitation. Avoid using the xosoapapi.asmx endpoint and the entry point.aspx service until the issue is resolved.