CVE-2016-5803

Name of the Vulnerable Software and Affected Versions CA Unified Infrastructure Management versions 8.47 and earlier

Description An issue was discovered where the Unified Infrastructure Management software does not properly neutralize sequences such as '..' in pathnames constructed from external input, potentially allowing access to locations outside of the intended directory.

Recommendations For CA Unified Infrastructure Management versions 8.47 and earlier, consider restricting access to the download lar directory to minimize the risk of information disclosure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.