Merten Nagel

**Name of the Vulnerable Software and Affected Versions** CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 **Description** The issue is related to insufficient input validation in the CSV export functionality, which can allow a privileged user to potentially execute arbitrary code or commands. **Recommendations** For versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, consider restricting access to the CSV export functionality until a fix is available. As a temporary workaround, limit the privileges of users who have access to the CSV export feature to minimize the risk of exploitation. Avoid using the CSV export functionality with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.