CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, and Unicenter Patch Management. The release of Tomcat as included with the products is potentially susceptible to a cross-site scripting vulnerability. CA has issued a solution to address the issue.
4e6ae1db6c1372dc4b1ee607383f5479a1887bf0e56983123d0dce8acdcf4d7f-----BEGIN PGP SIGNED MESSAGE-----
CA20090806-02: Security Notice for Unicenter Asset Portfolio
Management, Unicenter Desktop and Server Management, Unicenter
Patch Management
Issued: August 6, 2009
CA's technical support is alerting customers to a security risk with
Unicenter Asset Portfolio Management, Unicenter Desktop and Server
Management, and Unicenter Patch Management. The release of Tomcat as
included with the products is potentially susceptible to a cross-site
scripting vulnerability. CA has issued a solution to address the
issue.
Risk Rating
Medium
Platform
Windows
Affected Products
Unicenter Asset Portfolio Management 11.3
Unicenter Asset Portfolio Management 11.3.4
Unicenter Desktop and Server Management 11.2
Unicenter Patch Management 11.2
How to determine if the installation is affected
Customers can use the following technical documents to determine if
an installation is affected.
Unicenter Asset Portfolio Management:
TEC492816
Unicenter Desktop and Server Management:
TEC491323
Unicenter Patch Management:
TEC491323
Solution
Unicenter Asset Portfolio Management:
Follow the instructions in solution document RI09916.
Unicenter Desktop and Server Management,
Unicenter Patch Management:
Follow the instructions in technical document TEC491323.
References
CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
CA20090806-02: Security Notice for Unicenter Asset Portfolio
Management, Unicenter Desktop and Server Management, Unicenter Patch
Management
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21
4095
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Support at
http://support.ca.com/
If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782
Kevin Kotas
CA Product Vulnerability Response Team
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBSnti5pI1FvIeMomJAQFM0Qf/WnAvDpjlC+thQqPIJEaBUI5TBYoroLku
dM/q10Xk54htqtNMEnbrNVZvIYStdcEpQe2SuW+0rSI3U1Pv5Bkn/ofrbv7muYGk
hKQHfcliXLsjTuEq8aSSgmHVeMBwQ/Vwfnv5DClgrJ2LeW/J4uhG3g1NlB0gpTSw
MkfOAc+4fyl0DHvHpDvUBNZCAATeTOijStW4orTJulcl+TyO6pkx1aDjfQb0sIL0
B3xlG7CjMJxisV63fJpgeUTV6pBRf0w9cqj5nAaIGsAKtZXjWzfwKWdLxU794JUa
nDFDWBWgt1aDLH99PWH3lPjYgM8z/Bfe+FqBhHV/j0cqyosb7rYdag==
=2uwe
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed