CVE-2011-1655

Name of the Vulnerable Software and Affected Versions CA Total Defense versions prior to r12 SE2

Description The issue allows remote attackers to obtain database credentials by sniffing the network, due to the management.asmx module in the Management Web Service sending a cleartext response to getDBConfigSettings requests. This could subsequently enable the execution of arbitrary code.

Recommendations For versions prior to r12 SE2, update to r12 SE2 or later to resolve the issue. As a temporary workaround, consider restricting access to the management.asmx module to minimize the risk of exploitation. Avoid using the getDBConfigSettings request in the affected API endpoint until the issue is resolved.