CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5c
CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks.
d63a76083ac68c48ee8a7b1f88abdecf4446e7f484d0f8db4a371147e75caf8c
CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.
2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.
64660f12f6dffd5ead18f692e26e016ebc3bd54a5bb79b9a73ea69407b74de6f
CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language (SAML). Multiple vulnerabilities exist that can possibly allow a remote attacker to gain additional privileges. The vulnerabilities concern the verification of XML signatures on SAML statements. An attacker can perform various attacks to impersonate another user in the single sign-on system.
0a14a948ab88ea32cc65eec67d7baeacc0cfda2caa0d678240891bf18319d013
CA Technologies Support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.
c191161ea9ede921182bd50c60a26d485e8a24e091a255c3ef2ebc60b2e63446
CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally release CA20121018-01.
be3d581b61c9b5924795c648c3df4db5b11cf040219259da002acc2321c797fa
CA Technologies Support is alerting customers to a potential risk with CA XCOM Data Transport. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of requests. A remote attacker can send a carefully constructed request to execute arbitrary commands and compromise the server.
239c6eaa7173b4f89af22da52f04a65f1d261f70a0307189f6106dc8714326da
CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations.
09e5a6cd41ce7ba234c0aa89f40a067136370cc7f4a6451edbb776dd2ec7c23f
CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.
f6cc7aa2a2c098a2e8ed419d61aa4d65e98cc20b7bdc4c73e4cfe07ba7fc117b
CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash.
2504afdbecc5337cc2f3bedfcdb2f35357e06e9213344c8bb32f8190347818d5
CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability. The vulnerability occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.
129765a243cc9461d666229b218c140b7dd2b2170b92ae5385206f75be6ce569
CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability occurs due to insufficient validation of sent request parameters. An attacker, who can convince a user to follow a carefully constructed link or view a malicious web page, can conduct various cross-site scripting attacks. Versions 6.0.x, 6.1.x, 6.2.1, and 6.2.2 are affected.
59491a8e54f0e3980dff181e854aac91f5f99b5bc0eb81ce1a280219f8dbd3da
CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist that can allow a remote attacker to potentially compromise web user security. The first set of vulnerabilities occur due to insufficient handling of request parameters sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can potentially conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient filtering of a request parameter sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can use redirection to potentially carry out additional web based attacks.
b7f2426e298629c164af95d01b3886396dbdea3a03957d1a67ef5c0aac369b16
CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
9697f3a718cfbc9df64ba14c7c65ce50a6f140e9f9064d6822691eb7e5a4adcc
CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to address the vulnerability for each affected release. The vulnerability is due to insufficient bounds checking with a SOAP request. A remote attacker can make a SOAP request to cause a buffer overflow and potentially compromise the system.
9d039f55b21c958375378d4ba47477b52c27a168b01375bd467fcfa9414e7265
CA Technologies support is alerting users to multiple security risks with the PSFormX and WebScan ActiveX controls previously available from the CA Global Security Advisor site. Multiple vulnerabilities exist that can potentially allow a remote attacker to execute arbitrary code.
0b049ea0898a69371cc5cc8a26e73e66c53c04571db9692f5331ddf978382a43
CA's support is alerting customers to a security risks with CA ARCserve Backup. A vulnerability exists that can potentially allow a local attacker to gain sensitive information.
06ddd0ac2e0c6812405ad8e4e65836ebf983a0a9512ec15cb15638b106952ee3
CA's support is alerting customers to multiple security risks with CA XOsoft products. Multiple vulnerabilities exist that can allow a remote attacker to gain sensitive information, cause a denial of service, or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
4f0ccb63614eae015dcca644dfed7c789226834eac0663d29fecd6799c65fd53
CA's support is alerting customers to security risks with CA ARCserve Backup. The version of JRE shipped with ARCserve Backup is potentially susceptible to multiple vulnerabilities and has also reached end of life. Support is providing JRE 1.6 upgrades as remediation.
cfefe844cbf368208645fa446b73b5a519cb032ac24cc9cf1e2b6e84548e6812
CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
39d84995aec8b0cb22c76241f4147383e8b61c3f330f9f6678b33fe9bd42b489
CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.
2e92d226c13807796ab6b28da061de5d24b3df3aa35c5887901a5a31a4b25235
CA's support is alerting customers to a security risk with CA Service Desk. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has issued patches to address the vulnerability.
c693621b91a9aa7cb65f2332d160db6216d422e57c07d7703086080646986b6d
CA's technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability.
9c3d68ac3dad0276ab9339d015dc14dc652b5e16394e015cb1e8cb17467ad31f
CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.
f455554c212e25843047986dea31c1900e3efee354d31a7324a20d7fd58aa3a3