CVE-2018-8954

Related Files

CA Workload Automation AE / CA Workload Control Center SQL Injection / Code Execution

Posted Mar 30, 2018

Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attacks or execute code remotely. The first vulnerability in CA Workload Automation AE has a medium risk rating and concerns insufficient data validation that can allow an authenticated remote attacker to conduct SQL injection attacks. The second vulnerability in CA Workload Control Center has a high risk rating and concerns an Apache MyFaces configuration that can allow an authenticated remote attacker to conduct remote code execution attacks.

tags | advisory, remote, vulnerability, code execution, sql injection

advisories | CVE-2018-8953, CVE-2018-8954

SHA-256 | 6b08e25b22ed206c621e2b2509af3c001c02e5de10b5fd7a3c6fc36b019b3700

Download | Favorite | View