CA20160721-01: Security Notice for CA eHealth

Issued: July 21, 2016
Last Updated: July 21, 2016

CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface, CVE-2016-6151 and CVE-2016-6152, that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.

Risk Rating

CVE Identifier Risk Vulnerable Releases
CVE-2016-6151 High 6.2.x
CVE-2016-6152 High 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x



Affected Products

CA eHealth 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x

How to determine if the installation is affected

Customers may check the build number by running the nhShowRev command

If the installed product Fix build is less than the release in the below table, the installation is vulnerable.

Product release Fix build
CA eHealth 6.2.x, 6.3.x


For all releases of CA eHealth, update to version or later to resolve these vulnerabilities.


CVE-2016-6151 - CA eHealth 6.2.x remote denial of service/command execution
CVE-2016-6152 - CA eHealth 6.2.x, 6.3.x remote denial of service/command execution


CVE-2016-6151, CVE-2016-6152 - Ben Lincoln, NCC Group

Change History

Version 1.0: Initial Release

A notification about this security notice will be sent to customers who are subscribed to Proactive Notifications.

If additional information is required, please contact CA Technologies Support at

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing