CVE-2016-9148

Name of the Vulnerable Software and Affected Versions CA Service Desk Manager versions 12.9 through 14.1

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF NUM parameter. This can lead to the execution of malicious scripts on the client-side.

Recommendations For CA Service Desk Manager version 12.9, update to a version that fixes this issue. For CA Service Desk Manager version 14.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the QBE.EQ.REF NUM parameter to minimize the risk of exploitation.