Bugtraq mailing list archives

CA20140403-01: Security Notice for CA Erwin Web Portal
From: "Kotas, Kevin J" <Kevin.Kotas () ca com>
Date: Thu, 3 Apr 2014 20:22:08 +0000

-----BEGIN PGP SIGNED MESSAGE-----

CA20140403-01: Security Notice for CA Erwin Web Portal

Issued: April 03, 2014

CA Technologies Support is alerting customers to multiple
vulnerabilities with CA Erwin Web Portal.

The vulnerabilities, CVE-2014-2210, occur due to insufficient path
verification. A remote unauthenticated attacker can use directory
traversal attacks to gain sensitive information, cause a denial of
service condition, gain additional access, or potentially execute
arbitrary code.

Risk Rating

High

Platform

Windows

Affected Products

CA ERwin Web Portal Version 9.5

How to determine if the installation is affected

1. View the About page
2. Find the Build Date
3. The Build Date should be equal to or later than March 20, 2014;
otherwise the installation is vulnerable.

Solution

CA ERwin Web Portal Version 9.5:
MIMM-win32-721-20140320.exe

References

CVE-2014-2210 - Erwin Web Portal directory traversal

CA20140403-01: Security Notice for CA Erwin Web Portal
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg

Acknowledgement

Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln () ca com

Security Notices
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg

Security Response Blog
http://blogs.ca.com/securityresponse/

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2014 CA. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

-----END PGP SIGNATURE-----

