CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.
73cc896f660109cfbf1891052dd9f1b1640ae00c73cd08a56768406ad81de904-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CA20160721-01: Security Notice for CA eHealth
Issued: 2016-07-21
Last Updated: 2016-07-21
CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA technologies assigned a High risk rating
to these vulnerabilities. CA has a solution available.
Risk Rating
CVE Identifier
Risk
Vulnerable Releases
CVE-2016-6151
High
6.2.x
CVE-2016-6152
High
6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x
Platform(s)
All
Affected Products
CA eHealth 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x
How to determine if the installation is affected
Customers may check the build number by running the nhShowRev
command
If the installed product Fix build is less than the release in the below
table, the installation is vulnerable.
Product release
Fix build
CA eHealth 6.2.x, 6.3.x
6.3.2.13
Solution
For all releases of CA eHealth, update to version 6.3.2.13 or later to
resolve these vulnerabilities.
References
CVE-2016-6151 - CA eHealth 6.2.x remote denial of service/command
execution
CVE-2016-6152 - CA eHealth 6.2.x, 6.3.x remote denial of
service/command execution
Acknowledgement
CVE-2016-6151, CVE-2016-6152 - Ben Lincoln, NCC Group
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies
Support at https://support.ca.com/
If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com
Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782
Regards,
Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team
Copyright (c) 2016 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE-----
Charset: utf-8
wsFVAwUBV5JY3Tuotw2cX+zOAQoYbg/+JfDwXxV6pCZiGpOBpK4aXRRPwnmFIXk7
ra+MW1S1fLwz7uay+rgDWhlgzi1zzOjtNacQguQECCUa1YfSRSQnqaaF0zDv6YV7
lMDd4bfHTn8nyj1s17rhSq0X5bSFc0JmpJ4yqrTvu9fX6UmfThxHObGAnKxBVBdJ
Mt7ew1HmiKzxiTmcb59s6FbohyzXm2zDN0SYrGOZNLjnYJ4TR4GiKJ6laaFcPban
uu0HnvguZAwNLe2uxyn3E4b1726O7xGRUhi99l69unMmRATARoqMJOYqxinbllXW
enAmwS8DJ5DrnKQu5En5yx2STHTr50oFfuaAS18H1mIQyDxxD+w8me9eK6iWMlOZ
pzKZHhQ7w0snWMkF14ky7Nev9hddO/q95oowRDLYGDxEMVI99Dt+bCBMWkOZ8NWu
QO8SzIsPiVCvNGimy7+XDxOCdZ/VlgN2UHT7Dc3FkOdvuMp9/tCekKPXs/LCV7HW
irIEu1nIglEVXY7uhpMv58eUUPh0TY9iuOaru8u1V8iH1f4YEikC5I8xJw9X824z
pJdHHk8ef+ERuLkI1zFM2jm+6M4nAmF3ZBWiRmLg9bJlaixlWPB+4Yp3uobzVG/4
wqEKyXtk+DUDru1SGGAwphonQJeleCygQfqgEDRvNvuJMqdpsFSfY7lzXaHPj5Ce
oCa4qmGItmw=
=KcjQ
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed