6 matches found
CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)
A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...
CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)
An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...
CA ERwin Web Portal 9.5 Multiple Directory Traversals
CA ERwin Web Portal version 9.5 with a build date before March 20, 2014 was detected on the remote host. This version contains multiple directory traversal vulnerabilities that an attacker could use to access sensitive information, or possibly execute arbitrary code. %NASLMINLEVEL 70300 C Tenable...
CA Erwin Web Portal目录遍历漏洞
Bugtraq ID:66644 CVE ID:CVE-2014-2210 CA ERwin Web Portal是基于网络的新界面CA ERwin网络门户。 CA ERwin Web Portal存在多个目录遍历漏洞,允许远程攻击者利用漏洞提交请求以WEB权限查看系统文件内容。 0 CA ERwin Web Portal 9.5 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=7F968A14-7407-4BCF-9EB1-EFE9F0E6D663...
CA20140403-01: Security Notice for CA Erwin Web Portal
-----BEGIN PGP SIGNED MESSAGE----- CA20140403-01: Security Notice for CA Erwin Web Portal Issued: April 03, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal. The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A...
CVE-2014-2210
CA ERwin Web Portal 9.5 (build date before 2014-03-20) contains multiple directory traversal vulnerabilities due to lack of authentication and insufficient input validation in components such as FileAccessServiceProvider, ProfileIconServlet, and ConfigServiceProvider (MIMM) across HTTP requests. ...