PT-2014-4559 · Ca · Ca Erwin Web Portal
Published: 2014-04-04 · Updated: 2015-08-13
CVE-2014-2210
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
CA ERwin Web Portal version 9.5
Description
The issue allows remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code. This is due to multiple directory traversal vulnerabilities.
Recommendations
For CA ERwin Web Portal version 9.5, apply the necessary patches or updates to fix the directory traversal vulnerabilities.
As a temporary workaround, consider restricting access to sensitive information and implementing additional access controls to minimize the risk of exploitation.
Avoid using the vulnerable ConfigServiceProvider and FileAccessServiceProvider until the issue is resolved.
Restrict access to the downloadScriptFile.do endpoint to minimize the risk of information disclosure.
Consider disabling the ProfileIconServlet and ConfigServiceProviderServlet until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Affected Products
Ca Erwin Web Portal