
Vulnerability Detail

CA service desk web forms multiple cross-site scripting vulnerabilities

Date Discovered:
24 Sep 2008

Date Published:
25 Sep 2008

Last Updated:
25 Sep 2008

Threat Assessment

Overall Risk:  Medium
Popularity:  Low
Impact:  High
Simplicity:  Medium

Characteristics

Vulnerability ID:  36694
Discovered By:  Anonymous

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can conduct cross-site scripting attacks.

Root Cause:  Software Vulnerability

 

Description

CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insecure handling of passed variables in multiple web forms. An attacker can convince a victim to click on a specially crafted link and thereby conduct cross-site scripting attacks.


Recommendations



-------------------------------------------------------------------------------
For: CA CMDB 11.0, CA CMDB 11.1, CA CMDB 11.2, CA Service Desk r11.2 - CA Service Desk Server component [AIX], CA Service Desk r11.2 - CA Service Desk Server component [HPUX], CA Service Desk r11.2 - CA Service Desk Server component [LINUX], CA Service Desk r11.2 - CA Service Desk Server component [Solaris], CA Service Desk r11.2 - CA Service Desk Web Screen component Painter [AIX], CA Service Desk r11.2 - CA Service Desk Web Screen Painter [LINUX], CA Service Desk r11.2 - CA Service Desk Web Screen Painter [Solaris], CA Service Desk r11.2 - CA Service Desk Web Screen Painter component [HPUX], CA Service Desk r11.2 - CA Service Desk Web Server component [AIX], CA Service Desk r11.2 - CA Service Desk Web Server component [HPUX] x86 64, CA Service Desk r11.2 - CA Service Desk Web Server component [LINUX], CA Service Desk r11.2 - CA Service Desk Web Server component [Solaris], CA Unicenter Service Desk r11.2

Content ID: 186585 - Refer to the bulletin for fixes.

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585





Note: If you are using a version of CA Service Desk earlier than r11.2, you will first need to upgrade to r11.2. For users of earlier versions, CA recommends upgrading to r11.2.



Windows:

CA Service Desk Crystal Report component: QO99896

CA Service Desk Dashboard component: QO99895

CA Service Desk Web Screen Painter component: QO99894

CA Service Desk Web Server component: QO99893

CA Service Desk Server component: QO99892



AIX:

CA Service Desk Web Screen Painter component: QO99905

CA Service Desk Web Server component: QO99901

CA Service Desk Server component: QO99897



HPUX:

CA Service Desk Web Screen Painter component: QO99906

CA Service Desk Web Server component: QO99902

CA Service Desk Server component: QO99898



Linux:

CA Service Desk Web Screen Painter component: QO99907

CA Service Desk Web Server component: QO99903

CA Service Desk Server component: QO99899



Solaris:

CA Service Desk Web Screen Painter component: QO99908

CA Service Desk Web Server component: QO99904

CA Service Desk Server component: QO99900


Affected Technologies

Computer Associates: CA CMDB 11.0
Computer Associates: CA CMDB 11.1
Computer Associates: CA CMDB 11.2
Computer Associates: CA Service Desk r11.2 - CA Service Desk Server component [AIX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Server component [HPUX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Server component [LINUX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Server component [Solaris]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Screen component Painter [AIX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Screen Painter [LINUX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Screen Painter [Solaris]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Screen Painter component [HPUX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Server component [AIX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Server component [HPUX] x86 64
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Server component [LINUX]
Computer Associates: CA Service Desk r11.2 - CA Service Desk Web Server component [Solaris]
Computer Associates: CA Unicenter Service Desk r11.2


References

CA: content ID: 186585
Mitre CVE: CVE-2008-4119
