CVE-2011-1653

Name of the Vulnerable Software and Affected Versions CA Total Defense versions prior to r12 SE2

Description The issue involves multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via various vectors, including the UnAssignFunctionalRoles, UnassignAdminRoles, DeleteFilter, NonAssignedUserList, DeleteReportLayout, DeleteReports, and RegenerateReport stored procedures.

Recommendations For versions prior to r12 SE2, update to r12 SE2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable stored procedures until a patch is available. Avoid using the vulnerable stored procedures in the UNC Management Console until the issue is resolved.