7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
CPE | Name | Operator | Version |
---|---|---|---|
total_defense | eq | 12.0.114 |
secunia.com/advisories/44097
securitytracker.com/id?1025353
www.securityfocus.com/archive/1/517492/100/0/threaded
www.securityfocus.com/archive/1/517494/100/0/threaded
www.securityfocus.com/bid/47356
www.vupen.com/english/advisories/2011/0977
www.zerodayinitiative.com/advisories/ZDI-11-127/
exchange.xforce.ibmcloud.com/vulnerabilities/66727
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}