exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Service Desk Manaager 12.9 / 14.1 Code Execution

CA Service Desk Manaager 12.9 / 14.1 Code Execution
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.

tags | advisory, remote, web, arbitrary, xss
advisories | CVE-2016-9148
SHA-256 | 673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219

CA Service Desk Manaager 12.9 / 14.1 Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20161109-02: Security Notice for CA Service Desk Manager

Issued: November 09, 2016

CA Technologies Support is alerting customers to a vulnerability in CA
Service Desk Manager (formerly CA Service Desk). A reflected cross site
scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM
parameter of the SDM web interface. A remote attacker, who can trick a
user into clicking on or visiting a specially crafted link, could
potentially execute arbitrary code on the targeted user's system. CA
Technologies has assigned a Medium risk rating to this vulnerability.
A solution is available.


Risk Rating

Medium


Platform(s)

All


Affected Products

CA Service Desk Manager 12.9, 14.1


How to determine if the installation is affected

Check the web.cfg file for the existence of the solution detailed in KB
article TEC1774903.


Solution

Implement the solution detailed in KB article TEC1774903.


Workaround

None


References

CVE-2016-9148 - SDM QBE.EQ.REF_NUM Reflected XSS Vulnerability


Acknowledgement

CVE-2016-9148 - Jerold Hoong


Change History

Version 1.0: Initial Release, 2016-11-09


If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please report
your findings to the CA Technologies Product Vulnerability Response Team
at vuln <AT> ca.com

CA Technologies Security Notices can be found at https://support.ca.com/
CA Product Vulnerability Response Team PGP Key:
https://www.ca.com/us/support/ca-support-online/documents.aspx?id=177782


Regards,

Ken Williams
Vulnerability Response Director, CA Product Vulnerability Response Team


Copyright (c) 2016 CA. All Rights Reserved. 520 Madison Avenue, 22nd
Floor, New York, NY 10022. All other trademarks, trade names, service
marks, and logos referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 16620)
Charset: utf-8

wsFVAwUBWCO8pjuotw2cX+zOAQrdBhAAk/TAQ+kNGxUGvNF4R8VX6Q8olUoZO/sg
q4/t9MVAybGrzV/VQe3zzMWkSR3rbbbV8C8GAWBMZbZ/RjOTiX//L2Cy/uXpzRPo
BF5RL5B3NkCIyRN1Ujh/812hXmSBSiFRJchZOSLBnGNAEE0VeTnuDAQjolzSVr9Q
FTqggxkXLwv00GH+12RIYlI1YRoS9+GEs9zY3qONy1/9HeJSfH2jOiA+3owdtIxB
QSorxmWvpQt9sJRmNi98Jvoyt+HhdXVVdXB6GsthQOKvRsBnBnTENLuaC3g3W8Ur
MI2Rjs9ioujyAeLT4i/5pAk3e9w5ix7078cPzBf5bGPHRN8WwXUgJwOQzwc9IJr4
Vqv/kJsqdRTPevLnl0uZcpcTmmzACRVW3I+XqdslOFPzlx9jGogPoUF/S6nCfmZX
tG+nWyMxTpi0JU9xEqqIvIB6bME6GwlkJ+acuP2k+oBuEMs/lkk4C83RHHmvlg1t
0pjnrpBN/tGeJxXzjhU0rncDEDq5QFI3DeVnqOlL4cpbuV+SBwfD9xiQWtUF9uks
u8z8/oR8mluhV9m5njceGM2ElIOC7iLuOLSfl8wRnF4OI4LB+D8cVI4oFEUNdzEv
6QITaRP85UWK/O4csiw23r74SLrQgndCNDuRz9jT30J9AVDpBRLsbidlNEKdfoJD
gf7R0BB8auY=
=wAmu
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close