what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CA Service Desk Manager 12.9 / 14.1 Information Disclosure

CA Service Desk Manager 12.9 / 14.1 Information Disclosure
Posted Jan 13, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists in RESTful web services that can potentially allow a remote authenticated attacker to view or modify sensitive information. Fixes are available. The vulnerability is due to incorrect permissions being applied to certain RESTful requests that can allow a malicious user to view or update task information. This vulnerability only affects CA Service Desk Manager installations with RESTful web services running.

tags | advisory, remote, web
advisories | CVE-2016-10086
SHA-256 | 5eaa0a51abb6cbbce7313b731afe8060e9963da4b88081a5490512776e70f978

CA Service Desk Manager 12.9 / 14.1 Information Disclosure

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170109-01: Security Notice for CA Service Desk Manager

Issued: January 10, 2017
Last Updated: January 10, 2017

CA Technologies support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists in RESTful
web services that can potentially allow a remote authenticated
attacker to view or modify sensitive information. Fixes are
available.

The vulnerability, CVE-2016-10086, is due to incorrect permissions
being applied to certain RESTful requests that can allow a malicious
user to view or update task information. This vulnerability only
affects CA Service Desk Manager installations with RESTful web
services running.

Risk Rating

Medium

Platform(s)

Windows, Linux, Solaris, Aix

Affected Products

CA Service Desk Manager 12.9
CA Service Desk Manager 14.1

How to determine if the installation is affected

If RESTful web services are installed, the product could be
vulnerable. Please check if RESTful web services are installed and
running. The following command on the server where Service Desk is
installed can give the status of the RESTful web services:

pdm_tomcat_nxd -c status -t REST

If the status is Running, the product installation is vulnerable.

Solution

Product Version, Platform
Fix

12.9, Windows
RO93722

12.9, Linux
RO93730

12.9, Solaris
T52Y601

12.9, AIX
T52Y602

14.1, Windows
RO93720

14.1, Linux
RO93721

14.1, Solaris
T52Y593

14.1, AIX
T52Y594

Note: Customers must request "T" fixes and non-English fixes from CA
support. Published "RO" fixes can be downloaded from the Service Desk
Manager product page on the "Solutions & Patches" sub-page.

https://support.ca.com/

References

CVE-2016-10086 - CA Service Desk Manager RESTful web services task
vulnerability

Acknowledgement

CVE-2016-10086 - Bruno de Barros Bulle

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBWHbfQDuotw2cX+zOAQrhqBAAiHOi4d5Gte9wH5zIzh7Nw0r+P0iYGku9
OdnySuP9yXF+NzsGlwSukhKhchUR8AG74h88jeNeqaSFPL6RbAMllyQQ4h0oup/8
R+3MOTL31hm0Ig1vNq1DR8BPkc8TrjA+LCYKUXRUOV2Rn8Bi/NOjkod2nD3WrDq7
jKsRdUo4/T/lcjnCiCf3DXy/Oh5/0xKb/+gIG/tfMd3TK2VQnUsijTJ/skWxyL9o
fCvyVXaqvPrai9ZWkTvAzWGFWeEMrOaNXPs4KAxzaw8OwRzLObgRbfCQMJDrfnKZ
8UcJ3oqd2PfdJevH/uNPKB1gknjLyGF6jM8YZPk3XtnbrCV44ZOpbR4DDSmPPsB+
UyxbzhZfAQu3C+DVfWS6oIV3iQP5b/fKUjzIx7lw6nCggIp/wCP7craxYTyNpJvI
84KrlFmy6l8pOU7+jOoPdkoIrMRwxn6g0AjX6QHiuKCNyNBGKm+zMyeGo7Sn8f70
mMidcJ/SfPpFPiC7GsOUIf1i9ZRzZZQS4lsySMkXOlwYaTDpvFURj751yXU6bkyx
EnZBazvy/ST/5spb7LFMu2bf6SnjlPknGfx/KUcbZLNcx5MoOxhPSFhs7k2t8hAD
HLvmY3C9cHbs61u3aQLMc6HpPfr/yblYipryAd4OME+X1Woa3w9VgnkXZTPN7m6E
9BzkdVZk19Q=
=2Xtz
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close