Twenty Year Anniversary

CA PPM Password Storage / SQL Injection / XML Injection

CA PPM Password Storage / SQL Injection / XML Injection
Posted Sep 3, 2018
Authored by Piotr Domirski | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities exist that can allow an attacker to conduct a variety of attacks. The first vulnerability has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information. The second vulnerability has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information. The third vulnerability has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks. The fourth vulnerability has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks. The fifth vulnerability has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.

tags | advisory, remote, vulnerability, xss, sql injection
advisories | CVE-2018-13822, CVE-2018-13823, CVE-2018-13824, CVE-2018-13825, CVE-2018-13826
MD5 | 1994691a99dbf07449b0f2c84758dbca

CA PPM Password Storage / SQL Injection / XML Injection

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180829-01: Security Notice for CA PPM

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to multiple potential
risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities
exist that can allow an attacker to conduct a variety of attacks.

The first vulnerability, CVE-2018-13822, has a medium risk rating and
concerns an SSL password being stored in plain text, which can allow
an attacker to access sensitive information.

The second vulnerability, CVE-2018-13823, has a high risk rating and
concerns an XML external entity vulnerability in the XOG functionality,
which can allow a remote attacker to access sensitive information.

The third vulnerability, CVE-2018-13824, has a high risk rating and
concerns two parameters that fail to properly sanitize input, which
can allow a remote attacker to execute SQL injection attacks.

The fourth vulnerability, CVE-2018-13825, has a high risk rating and
concerns improper input validation by the gridExcelExport
functionality, which can allow a remote attacker to execute reflected
cross-site scripting attacks.

The fifth vulnerability, CVE-2018-13826, has a medium risk rating and
concerns an XML external entity vulnerability in the XOG functionality,
which can allow a remote attacker to conduct server side request
forgery attacks.


Risk Rating

Cumulative risk rating: High


Platform(s)

All supported platforms


Affected Products

CA PPM 14.3 and below
CA PPM 14.4
CA PPM 15.1
CA PPM 15.2
CA PPM 15.3


Unaffected Products

CA PPM 15.2 with appropriate patch level listed in Solution section
of this document.
CA PPM 15.3 with appropriate patch level listed in Solution section
of this document.
CA PPM 15.4
CA PPM 15.4.1


How to determine if the installation is affected

Customers can use the CA PPM Classic interface to find the release and
patch level by clicking on "About" in the upper right corner of any
screen.


Solution

CA Technologies published the following solutions to address the
vulnerabilities.

CA PPM 15.3:
Apply 15.3.Cumulative Patch 3 (15.3.0.3) or later.

CA PPM 15.2:
Apply 15.2 Cumulative Patch 6 (15.2.0.6) or later.

CA PPM 15.1:
Please contact CA Technologies Support for assistance. Note that
CA PPM 15.1 will reach End of Service (EOS) on April 30, 2019.

CA PPM 14.4:
Please contact CA Technologies Support for assistance. Note that
CA PPM 14.4 will reach End of Service (EOS) on October 31, 2018.

CA PPM 14.3 and below:
As you plan your upgrade to the latest release, please feel free to
contact CA Technologies Support should you have any questions.


References

CVE-2018-13822 - CA PPM unencrypted SSL password
CVE-2018-13823 - CA PPM XXE in XOG info disclosure
CVE-2018-13824 - CA PPM SQL injection
CVE-2018-13825 - CA PPM gridExcelExport Reflected XSS
CVE-2018-13826 - CA PPM XXE in XOG SSRF


Acknowledgement

CVE-2018-13822 - Piotr Domirski
CVE-2018-13823 - Piotr Domirski
CVE-2018-13824 - Piotr Domirski
CVE-2018-13825 - Piotr Domirski
CVE-2018-13826 - Piotr Domirski


Change History

Version 1.0: 2018-08-29 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsFVAwUBW4llorlJjor7ahBNAQh0XxAAgxdkwPjBI22xUdXwFHcVWec/qQWX/25B
h/MNN8HdlwKL3IV0MCnncHFaHkoGbQAhtyo5wyY9ql2GCBKUiLYNtDdXrBg1AlTw
MrgJnW0FkxiDvt90mIuWITkCF52sBVvoCCHfFvH781Z1PYlmThmcrf4Pc3kXunIs
a/pD9JMnBKBQEYUmdSHddqZ58pia+mYGlJY0b9fcNkYzqaMYx2QFh7TFeSq0wf1D
tZPQ7XOu69hOA2pE6/9XHqN5DyRk4rEXaTLHMNN+i9DXB1+aXdLNBAlnuSWi3hVU
oHtz8VULoVNrYZygcMOnQz9HusJcH8XaIv8hurqObzH5n3RsrGlvDM/9SxYaVE/j
m8x2yuiOBFQLO2elCnr2xEe9Qsrmkak8c8Ddkuc9e9mxas5ss1wdE/j5rpOzYIwG
QzJD+7nznBvAR8NG/jSVFMYu/M6zDmseKE0tPYHy8oDAV8VOhuoOJ05OoXWVnuc3
BXFfrWxdb6+C831QUs5HEuPfdETJPsUmZE4cGjeesVmInX7X729rtXDX/IIYQBli
3K+TFtxyMCmhAaNgRWt4Kgfv2v+WSEvVV1S9ivowrrDb+5KxnKqx2ib/+ZVJ2jhP
jj8p6bOKSlFqpU8mR767oNwslsIO4bBDvFsT4UO4bwSmxiwbSjwbHkIuAdXG0dCL
MRY2J0rRxzQ=
=TW4m
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close