PT-2010-2929 · Ca · Ca Xosoft

Published

2010-04-06

Updated

2018-10-10

CVE-2010-1223

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA XOsoft versions r12.0 through r12.5

Description The issue allows remote attackers to execute arbitrary code. This can be achieved via a malformed request to the "ws man/xosoapapi.asmx" SOAP endpoint or by sending a long string to the "entry point.aspx" service.

Recommendations For versions r12.0 through r12.5, consider disabling the xosoapapi.asmx and entry point.aspx services until a patch is available to prevent remote code execution. Restrict access to these services to minimize the risk of exploitation. Avoid using the xosoapapi.asmx endpoint and the entry point.aspx service until the issue is resolved.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-1223

ZDI-10-065

ZDI-10-066

Affected Products

Ca Xosoft

PT-2010-2929 · Ca · Ca Xosoft

CVE-2010-1223

Weakness Enumeration

Related Identifiers

Affected Products

References · 10