CA20110510-01 Security Notice for CA eHealth - CA Technologies
{{search ? 'Close':'Search'}}

CA20110510-01: Security Notice for CA eHealth

Issued: May 10, 2011

CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security.

The vulnerability, CVE-2011-1899, occurs due to insufficient validation of sent request parameters. An attacker, who can convince a user to follow a carefully constructed link or view a malicious web page, can conduct various cross-site scripting attacks.

Note: The "Scan user input for potentially malicious HTML content" configuration option does not protect against this vulnerability.

Risk Rating

Medium

Platform

Windows
Unix

Affected Products

CA eHealth 6.0.x
CA eHealth 6.1.x
CA eHealth 6.2.1
CA eHealth 6.2.2

How to determine if the installation is affected

Locate the following file on the respective platform:

Platform File Path
Windows "%NH_HOME%extensionslocal42339.log"
Unix "$NH_HOME/extensions/local/42339.log"


If the file is not present, the installation is vulnerable.

Solution

Customers may contact CA Technologies support to obtain a patch that resolves this issue. Request the patch for PRD 42339 when submitting the support ticket.

References

CVE-2011-1899 - eHealth cross-site scripting

Acknowledgement

CVE-2011-1899 - Tony Fogarty

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at http://support.ca.com/.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing