CA20140403-01: Security Notice for CA ERwin Web Portal
Issued: April 03, 2014
CA Technologies Support is alerting customers to multiple vulnerabilities in CA ERwin Web Portal.
The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.
CA ERwin Web Portal Version 9.5
How to determine if the installation is affected
- View the About page
- Find the Build Date
- The Build Date should be equal to or later than March 20, 2014; otherwise, the installation is vulnerable.
CA ERwin Web Portal Version 9.5:
CVE-2014-2210 - ERwin Web Portal directory traversal
Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies Support at https://support.ca.com/.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at firstname.lastname@example.org.