
CA Service Desk Manager 12.9 / 14.1 Information Disclosure

Posted Jan 13, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists in RESTful web services that can potentially allow a remote authenticated attacker to view or modify sensitive information. Fixes are available. The vulnerability is due to incorrect permissions being applied to certain RESTful requests that can allow a malicious user to view or update task information. This vulnerability only affects CA Service Desk Manager installations with RESTful web services running.

tags | advisory, remote, web
advisories | CVE-2016-10086
SHA-256 | 5eaa0a51abb6cbbce7313b731afe8060e9963da4b88081a5490512776e70f978

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170109-01: Security Notice for CA Service Desk Manager

Issued: January 10, 2017
Last Updated: January 10, 2017

CA Technologies support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists in RESTful
web services that can potentially allow a remote authenticated
attacker to view or modify sensitive information. Fixes are
available.

The vulnerability, CVE-2016-10086, is due to incorrect permissions
being applied to certain RESTful requests that can allow a malicious
user to view or update task information. This vulnerability only
affects CA Service Desk Manager installations with RESTful web
services running.

Risk Rating

Medium

Platform(s)

Windows, Linux, Solaris, AIX

Affected Products

CA Service Desk Manager 12.9
CA Service Desk Manager 14.1

How to determine if the installation is affected

If RESTful web services are installed, the product could be
vulnerable. Please check if RESTful web services are installed and
running. The following command on the server where Service Desk is
installed can give the status of the RESTful web services:

pdm_tomcat_nxd -c status -t REST

If the status is Running, the product installation is vulnerable.

Solution

Product Version, Platform    Fix
12.9, Windows                RO93722
12.9, Linux                  RO93730
12.9, Solaris                T52Y601
12.9, AIX                    T52Y602
14.1, Windows                RO93720
14.1, Linux                  RO93721
14.1, Solaris                T52Y593
14.1, AIX                    T52Y594

Note: Customers must request "T" fixes and non-English fixes from CA
support. Published "RO" fixes can be downloaded from the Service Desk
Manager product page on the "Solutions & Patches" sub-page.

https://support.ca.com/
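
The check and fix selection above, combined into one triage helper for administrators. This is an added example, not code from CA or from the advisory. The function names, the result strings, and the assumption that the status output contains the word "Running" (or "not running") are illustrative, because the advisory does not show the exact output of the status command.

```shell
#!/bin/sh
# Added example: triage one CA Service Desk Manager host for CVE-2016-10086.
# On a host: sdm_rest_triage 14.1 "$(uname -s)" "$(pdm_tomcat_nxd -c status -t REST 2>&1)"

# Map an advisory platform name or a `uname -s` value to the advisory's platform.
sdm_platform() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        windows*)        echo Windows ;;
        linux*)          echo Linux ;;
        sunos*|solaris*) echo Solaris ;;
        aix*)            echo AIX ;;
        *)               echo unknown ;;
    esac
}

# Fix identifier for a version and platform, from the advisory's Solution table.
sdm_fix_id() {
    case "$1,$2" in
        12.9,Windows) echo RO93722 ;; 12.9,Linux) echo RO93730 ;;
        12.9,Solaris) echo T52Y601 ;; 12.9,AIX)   echo T52Y602 ;;
        14.1,Windows) echo RO93720 ;; 14.1,Linux) echo RO93721 ;;
        14.1,Solaris) echo T52Y593 ;; 14.1,AIX)   echo T52Y594 ;;
        *) return 1 ;;
    esac
}

# Args: product version, platform, captured output of the REST status command.
sdm_rest_triage() {
    sdm_ver=$1; sdm_plat=$(sdm_platform "$2")
    case "$sdm_ver" in
        12.9|14.1) ;;
        *) echo "not-listed"; return 0 ;;         # version not named in the advisory
    esac
    # Assumed output wording: test the negative form first so that
    # "not running" is never mistaken for "Running".
    case "$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')" in
        *"not running"*) echo "rest-not-running"; return 0 ;;
        *running*) ;;
        *) echo "status-unknown"; return 0 ;;     # check the host by hand
    esac
    sdm_fix=$(sdm_fix_id "$sdm_ver" "$sdm_plat") || { echo "vulnerable unknown-platform"; return 0; }
    case "$sdm_fix" in
        T*) echo "vulnerable $sdm_fix request-from-support" ;;  # "T" fixes come from CA support
        *)  echo "vulnerable $sdm_fix download" ;;              # published "RO" fixes
    esac
}
```

A "status-unknown" result means the captured text matched neither assumed wording, so the host should be checked manually rather than treated as unaffected.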

References

CVE-2016-10086 - CA Service Desk Manager RESTful web services task
vulnerability

Acknowledgement

CVE-2016-10086 - Bruno de Barros Bulle

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8
-----END PGP SIGNATURE-----