2 matches found
CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)
A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...
CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)
An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...