CVE-2018-8954

Published: Apr 11, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.

Affected (6)

Products: Ca: Workload Control Center

1 product

Workload Control Center

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ca Workload Control Center	Up to r11.4
Ca Workload Control Center	Version sp1
Ca Workload Control Center	Version sp2
Ca Workload Control Center	Version sp3
Ca Workload Control Center	Version sp4
Ca Workload Control Center	Version sp5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/103742

Source: vuln@ca.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040605

Source: vuln@ca.com

Third Party AdvisoryVDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html

Source: vuln@ca.com

Vendor Advisory

http://www.securityfocus.com/bid/103742

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040605

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.