PT-2011-3269 · Ca · Ca Total Defense

Andrea Micalizzi

Published

2011-04-13

Updated

2021-04-12

CVE-2011-1655

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CA Total Defense versions prior to r12 SE2

Description The issue allows remote attackers to obtain database credentials by sniffing the network, due to the management.asmx module in the Management Web Service sending a cleartext response to getDBConfigSettings requests. This could subsequently enable the execution of arbitrary code.

Recommendations For versions prior to r12 SE2, update to r12 SE2 or later to resolve the issue. As a temporary workaround, consider restricting access to the management.asmx module to minimize the risk of exploitation. Avoid using the getDBConfigSettings request in the affected API endpoint until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2011-1655

ZDI-11-127

Affected Products

Ca Total Defense

PT-2011-3269 · Ca · Ca Total Defense

CVE-2011-1655

Weakness Enumeration

Related Identifiers

Affected Products

References · 11