exploit the possibilities

CA Service Desk Manaager 12.9 / 14.1 Code Execution

CA Service Desk Manaager 12.9 / 14.1 Code Execution
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.

tags | advisory, remote, web, arbitrary, xss
advisories | CVE-2016-9148
MD5 | b19dab558799222fe5896e758ea4ad6a

CA Service Desk Manaager 12.9 / 14.1 Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20161109-02: Security Notice for CA Service Desk Manager

Issued: November 09, 2016

CA Technologies Support is alerting customers to a vulnerability in CA
Service Desk Manager (formerly CA Service Desk). A reflected cross site
scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM
parameter of the SDM web interface. A remote attacker, who can trick a
user into clicking on or visiting a specially crafted link, could
potentially execute arbitrary code on the targeted user's system. CA
Technologies has assigned a Medium risk rating to this vulnerability.
A solution is available.


Risk Rating

Medium


Platform(s)

All


Affected Products

CA Service Desk Manager 12.9, 14.1


How to determine if the installation is affected

Check the web.cfg file for the existence of the solution detailed in KB
article TEC1774903.


Solution

Implement the solution detailed in KB article TEC1774903.


Workaround

None


References

CVE-2016-9148 - SDM QBE.EQ.REF_NUM Reflected XSS Vulnerability


Acknowledgement

CVE-2016-9148 - Jerold Hoong


Change History

Version 1.0: Initial Release, 2016-11-09


If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please report
your findings to the CA Technologies Product Vulnerability Response Team
at vuln <AT> ca.com

CA Technologies Security Notices can be found at https://support.ca.com/
CA Product Vulnerability Response Team PGP Key:
https://www.ca.com/us/support/ca-support-online/documents.aspx?id=177782


Regards,

Ken Williams
Vulnerability Response Director, CA Product Vulnerability Response Team


Copyright (c) 2016 CA. All Rights Reserved. 520 Madison Avenue, 22nd
Floor, New York, NY 10022. All other trademarks, trade names, service
marks, and logos referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 16620)
Charset: utf-8

wsFVAwUBWCO8pjuotw2cX+zOAQrdBhAAk/TAQ+kNGxUGvNF4R8VX6Q8olUoZO/sg
q4/t9MVAybGrzV/VQe3zzMWkSR3rbbbV8C8GAWBMZbZ/RjOTiX//L2Cy/uXpzRPo
BF5RL5B3NkCIyRN1Ujh/812hXmSBSiFRJchZOSLBnGNAEE0VeTnuDAQjolzSVr9Q
FTqggxkXLwv00GH+12RIYlI1YRoS9+GEs9zY3qONy1/9HeJSfH2jOiA+3owdtIxB
QSorxmWvpQt9sJRmNi98Jvoyt+HhdXVVdXB6GsthQOKvRsBnBnTENLuaC3g3W8Ur
MI2Rjs9ioujyAeLT4i/5pAk3e9w5ix7078cPzBf5bGPHRN8WwXUgJwOQzwc9IJr4
Vqv/kJsqdRTPevLnl0uZcpcTmmzACRVW3I+XqdslOFPzlx9jGogPoUF/S6nCfmZX
tG+nWyMxTpi0JU9xEqqIvIB6bME6GwlkJ+acuP2k+oBuEMs/lkk4C83RHHmvlg1t
0pjnrpBN/tGeJxXzjhU0rncDEDq5QFI3DeVnqOlL4cpbuV+SBwfD9xiQWtUF9uks
u8z8/oR8mluhV9m5njceGM2ElIOC7iLuOLSfl8wRnF4OI4LB+D8cVI4oFEUNdzEv
6QITaRP85UWK/O4csiw23r74SLrQgndCNDuRz9jT30J9AVDpBRLsbidlNEKdfoJD
gf7R0BB8auY=
=wAmu
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close