PT-2018-12210 · Ca · Ca Ppm
Published
2018-08-30
·
Updated
2021-04-12
·
CVE-2018-13826
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
CA PPM versions 14.3 and below
CA PPM version 14.4
CA PPM versions 15.1 through 15.2 CP5 and below
CA PPM versions 15.3 through 15.3 CP2 and below
Description
The issue is related to an XML external entity vulnerability in the XOG functionality. This allows remote attackers to conduct server-side request forgery attacks.
Recommendations
For CA PPM versions 14.3 and below, update to a version above 14.3.
For CA PPM version 14.4, update to a version above 14.4.
For CA PPM versions 15.1 through 15.2 CP5 and below, update to a version above 15.2 CP5.
For CA PPM versions 15.3 through 15.3 CP2 and below, update to a version above 15.3 CP2.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ca Ppm