CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CA20161109-02: Security Notice for CA Service Desk Manager
Issued: November 09, 2016
CA Technologies Support is alerting customers to a vulnerability in CA
Service Desk Manager (formerly CA Service Desk). A reflected cross site
scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM
parameter of the SDM web interface. A remote attacker, who can trick a
user into clicking on or visiting a specially crafted link, could
potentially execute arbitrary code on the targeted user's system. CA
Technologies has assigned a Medium risk rating to this vulnerability.
A solution is available.
Risk Rating
Medium
Platform(s)
All
Affected Products
CA Service Desk Manager 12.9, 14.1
How to determine if the installation is affected
Check the web.cfg file for the existence of the solution detailed in KB
article TEC1774903.
Solution
Implement the solution detailed in KB article TEC1774903.
Workaround
None
References
CVE-2016-9148 - SDM QBE.EQ.REF_NUM Reflected XSS Vulnerability
Acknowledgement
CVE-2016-9148 - Jerold Hoong
Change History
Version 1.0: Initial Release, 2016-11-09
If additional information is required, please contact CA Technologies
Support at https://support.ca.com/
If you discover a vulnerability in CA Technologies products, please report
your findings to the CA Technologies Product Vulnerability Response Team
at vuln <AT> ca.com
CA Technologies Security Notices can be found at https://support.ca.com/
CA Product Vulnerability Response Team PGP Key:
https://www.ca.com/us/support/ca-support-online/documents.aspx?id=177782
Regards,
Ken Williams
Vulnerability Response Director, CA Product Vulnerability Response Team
Copyright (c) 2016 CA. All Rights Reserved. 520 Madison Avenue, 22nd
Floor, New York, NY 10022. All other trademarks, trade names, service
marks, and logos referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 16620)
Charset: utf-8
wsFVAwUBWCO8pjuotw2cX+zOAQrdBhAAk/TAQ+kNGxUGvNF4R8VX6Q8olUoZO/sg
q4/t9MVAybGrzV/VQe3zzMWkSR3rbbbV8C8GAWBMZbZ/RjOTiX//L2Cy/uXpzRPo
BF5RL5B3NkCIyRN1Ujh/812hXmSBSiFRJchZOSLBnGNAEE0VeTnuDAQjolzSVr9Q
FTqggxkXLwv00GH+12RIYlI1YRoS9+GEs9zY3qONy1/9HeJSfH2jOiA+3owdtIxB
QSorxmWvpQt9sJRmNi98Jvoyt+HhdXVVdXB6GsthQOKvRsBnBnTENLuaC3g3W8Ur
MI2Rjs9ioujyAeLT4i/5pAk3e9w5ix7078cPzBf5bGPHRN8WwXUgJwOQzwc9IJr4
Vqv/kJsqdRTPevLnl0uZcpcTmmzACRVW3I+XqdslOFPzlx9jGogPoUF/S6nCfmZX
tG+nWyMxTpi0JU9xEqqIvIB6bME6GwlkJ+acuP2k+oBuEMs/lkk4C83RHHmvlg1t
0pjnrpBN/tGeJxXzjhU0rncDEDq5QFI3DeVnqOlL4cpbuV+SBwfD9xiQWtUF9uks
u8z8/oR8mluhV9m5njceGM2ElIOC7iLuOLSfl8wRnF4OI4LB+D8cVI4oFEUNdzEv
6QITaRP85UWK/O4csiw23r74SLrQgndCNDuRz9jT30J9AVDpBRLsbidlNEKdfoJD
gf7R0BB8auY=
=wAmu
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed