exploit the possibilities

CA Service Desk Manager 14.1 / 17 Authentication Bypass

CA Service Desk Manager 14.1 / 17 Authentication Bypass
Posted Jan 21, 2019
Authored by Kevin Kotas, Bui Duy Hiep | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain additional privileges. CA published solutions to address the vulnerabilities. The first vulnerability is due to how survey access is implemented. A malicious actor can access and submit survey information without authentication. The second vulnerability allows for a malicious actor to gain additional privileges. Versions affected include 14.1 and 17.

tags | advisory, remote, vulnerability
advisories | CVE-2018-19634, CVE-2018-19635
MD5 | eb02560e2cfc9f65108956208ab178c4

CA Service Desk Manager 14.1 / 17 Authentication Bypass

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20190117-01: Security Notice for CA Service Desk Manager

Issued: January 17, 2019
Last Updated: January 17, 2019

CA Technologies Support is alerting customers to multiple potential
risks with CA Service Desk Manager. Multiple vulnerabilities exist
that can allow a remote attacker to access sensitive information or
possibly gain additional privileges. CA published solutions to
address the vulnerabilities.

The first vulnerability, CVE-2018-19634, is due to how survey access
is implemented. A malicious actor can access and submit survey
information without authentication.

The second vulnerability, CVE-2018-19635, allows for a malicious
actor to gain additional privileges.

Risk Rating

High

Platform(s)

All platforms

Affected Products

CA Service Desk Manager 14.1
CA Service Desk Manager 17

How to determine if the installation is affected

CA Service Desk Manager r14.1:
Versions prior to 14.1.05.1 are vulnerable.

CA Service Desk Manager r17 Windows:
Versions 17.1.0.1 and prior without the 17.1.0.1 language patch in
the solution section are vulnerable

CA Service Desk Manager r17 Linux:
Versions prior to 17.1.0.2 are vulnerable

Solution

CA Technologies published the following solutions to address the
vulnerabilities.

CA Service Desk Manager r14.1:

Update to CA Service Desk Manager 14.1.05.1. The rollup patches are
available on the CA Service Desk Manager 14.1 Solutions & Patches
page.

Windows - SO05733
Sun - SO05716
Linux - SO05715

CA Service Desk Manager R17 Linux:
Update to 17.1.0.2 from the CA Service Desk Manager 17.1 Solutions
& Patches page.

CA Service Desk Manager R17 Windows:
Update to 17.1.0.2. Alternatively, update to 17.1.0.1 and install the
corresponding language patch for the Service Desk Manager
installation. All fixes are available on the CA Service Desk Manager
17.1 Solutions & Patches page.

Chinese - SO06055
English - SO06036
French - SO06051
French Canadian - SO06039
German - SO06037
Italian - SO06052
Japanese - SO06053
Portuguese - SO06054
Spanish - SO06038

References

CVE-2018-19634 - CA Service Desk Manager survey access
CVE-2018-19635 - CA Service Desk Manager privilege escalation

Acknowledgement

CVE-2018-19634 and CVE-2018-19635 - Bui Duy Hiep

Change History

Version 1.0: 2019-01-17 - Initial Release

CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications.

Customers who require additional information about this notice may
contact CA Technologies Support at http://support.ca.com/.

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBXEDDEblJjor7ahBNAQhpKw/+MdbnJY7q2pYojS3XvSOhWjdm6H41akB5
mXjsGQLhpRvLV+sS3p1+l+JK9F8x7Gi0+tJaCMILq8eGj7hIfgrm+J38XxcQIfJd
xPqXeuoeM6Fghd3AgNriecleIELjt32zCy4JpDMiiUDu1+dYpsURHBTiN2YITBMn
V11TMq8lvJua10z81OFgm+Kj95qdDfu1NKV+A+Nmtdey+6fxEEWiOBCE01EZC+M9
4cY1vLVQdY+Kkv2GN0P89rKzkWg5UCGjLSbcbnz9+STGRoT5VEcatiZFVSYtudUZ
KQSu0UIoPDOxGSn+EE+PSBgP0e3R0ke1swXN8kIghmAthCaFVyTVBRUpTpOKYg3o
AjQfiRlowBnNoeRtdZltLuWTEIY+5gpduN5pRLTgeTbwbGV9IaK2uxjNy3g4PvfG
PApvtbxxPSOwwTTMtD2jAdiSxOeEbh+vhaBX4BjaUGPysMgsBgVbARntIYySu78X
YL8tf9N04y3r+nEGP6jCgIAHU5NajAubx6FaHDS1rOnuEZ3y6+r/kOOy38dfQygk
ASdeG12cXd8/I6UFDphk9DcBhO61z9EgZ4DatfXvtBuuirkwdaavbx4UN8DX9pPX
TMKvFVhPn259nDQG95uMZSHgXAygWEr8wlPn0ef0JjszeZnAsiLnRE149zeGyG75
QD/9yo0kzx8=
=4XWm
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close