CA.Total.Defense.Suite.UNCWS.ExportReport.SQL.Injection

Description

This indicates an attack attempt against a SQL Injection vulnerability in CA Total Defense Suite UNC Management Console.
The vulnerability is due to insufficient sanitization of the request parameters in a stored procedure. An attacker can exploit this by sending a specially crafted SOAP request to the target on port 34444 for HTTP and 34443 for HTTPS. Successful attacks may allow an attacker to inject arbitrary SQL commands. Any injected SQL commands will run with DBA privileges.

Affected Products

CA Total Defense Suite prior to R12 SE3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor-supplied patches.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-10-16 13.473 Sig Added