Lucene search

CaCVE-2018-8954

HistoryApr 11, 2018 - 5:29 p.m.

CVE-2018-8954

2018-04-1117:29:00

CWE-20

web.nvd.nist.gov

cve-2018-8954

ca workload control center

remote code execution

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.015

Percentile

86.9%

JSON

CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.

Affected configurations

Nvd

Node

caworkload_control_centerRange≤r11.4

caworkload_control_centerMatchsp1

caworkload_control_centerMatchsp2

caworkload_control_centerMatchsp3

caworkload_control_centerMatchsp4

caworkload_control_centerMatchsp5

VendorProductVersionCPE
caworkload_control_center*cpe:2.3:a:ca:workload_control_center:*:*:*:*:*:*:*:*
caworkload_control_centersp1cpe:2.3:a:ca:workload_control_center:sp1:*:*:*:*:*:*:*
caworkload_control_centersp2cpe:2.3:a:ca:workload_control_center:sp2:*:*:*:*:*:*:*
caworkload_control_centersp3cpe:2.3:a:ca:workload_control_center:sp3:*:*:*:*:*:*:*
caworkload_control_centersp4cpe:2.3:a:ca:workload_control_center:sp4:*:*:*:*:*:*:*
caworkload_control_centersp5cpe:2.3:a:ca:workload_control_center:sp5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	workload_control_center	*	cpe:2.3:a:ca:workload_control_center::::::::
ca	workload_control_center	sp1	cpe:2.3:a:ca:workload_control_center:sp1:::::::*
ca	workload_control_center	sp2	cpe:2.3:a:ca:workload_control_center:sp2:::::::*
ca	workload_control_center	sp3	cpe:2.3:a:ca:workload_control_center:sp3:::::::*
ca	workload_control_center	sp4	cpe:2.3:a:ca:workload_control_center:sp4:::::::*
ca	workload_control_center	sp5	cpe:2.3:a:ca:workload_control_center:sp5:::::::*

CNA Affected

[
  {
    "product": "Workload Control Center",
    "vendor": "CA Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "r11.4 SP5 and earlier"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103742

www.securitytracker.com/id/1040605

support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.015

Percentile

86.9%

JSON

Related for CVE-2018-8954