CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal version 9.5. The vulnerabilities occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.
1fa77a7f3fc523298c5d236fa24d1b5a144393aef591858b7d37f886f4712e9c-----BEGIN PGP SIGNED MESSAGE-----
CA20140403-01: Security Notice for CA Erwin Web Portal
Issued: April 03, 2014
CA Technologies Support is alerting customers to multiple
vulnerabilities with CA Erwin Web Portal.
The vulnerabilities, CVE-2014-2210, occur due to insufficient path
verification. A remote unauthenticated attacker can use directory
traversal attacks to gain sensitive information, cause a denial of
service condition, gain additional access, or potentially execute
arbitrary code.
Risk Rating
High
Platform
Windows
Affected Products
CA ERwin Web Portal Version 9.5
How to determine if the installation is affected
1. View the About page
2. Find the Build Date
3. The Build Date should be equal to or greater than March 20, 2014
otherwise the installation is vulnerable.
Solution
CA ERwin Web Portal Version 9.5:
MIMM-win32-721-20140320.exe
References
CVE-2014-2210 - Erwin Web Portal directory traversal
CA20140403-01: Security Notice for CA Erwin Web Portal
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
Acknowledgement
Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies
Support at https://support.ca.com/
If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln@ca.com
Security Notices
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
Security Response Blog
http://blogs.ca.com/securityresponse/
Regards,
Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team
Copyright (c) 2014 CA. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8
wsBVAwUBUz3BlJI1FvIeMomJAQFGFwgAg9xsObnZ5tS2DEf8XpJOogmfNlzSLBq0
8R1cFgc4SkmA8/ls0sMkFqBCTeg655nIx9AEUmzhiTN3TKOs3W7NE2+AEYUZEale
WSb4WkwTATtnBwvbyKhVgFfYTw0pB0ItOqDxWZzOo4ND6bsikqcog54GAlhCx+0X
Iv2Z/JEBF3s68mWT8WrrkPZujO91I0vXpZsx1Gd/31smoIRw+WkryD/TRbo83cXo
L5TtB25A6FTjNqR0m1hUznJjgxyPVqsx3fwdoWz+e5iG7ZQmCoHwW4ClQ9qNeaAj
5cgqWdlB5lRSkqczz8nPkEsjs1dHq44Qv+Api+hgOWQ8cvo1xQwetA==
=reTg
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed