CVE-2021-28246

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions through 6.3.2.12

Description: The issue is related to Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user can create a malicious library in the writable RPATH, which will be dynamically linked when the emtgtctl2 executable is run, allowing the code in the library to be executed as the ehealth user. This issue only affects products that are no longer supported by the maintainer.

Recommendations: For CA eHealth Performance Manager versions through 6.3.2.12, consider restricting access to the emtgtctl2 executable to prevent exploitation, as these versions are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.