5 matches found
CVE-2018-13826
The CA PPM XOG module suffers from an XML External Entity (XXE) vulnerability that enables server-side request forgery. Affected are CA PPM versions 14.3 and below; 14.4; 15.1; 15.2 CP5 and below; 15.3 CP2 and below. The issue arises in the XOG functionality and is documented across CVE-2018-13826 entries...
CVE-2018-13825
CA PPM includes a vulnerability in the gridExcelExport feature due to insufficient input validation, enabling reflected XSS. Affected versions: 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below. The root cause is input validation failures in that component; impact is remote e...
CVE-2018-13824
CVE-2018-13824 concerns CA PPM where insufficient input sanitization in two parameters enables SQL injection. Affected versions include CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below. The connected documents consistently describe this as a SQL injection vulnerabilit...
CVE-2018-13822
CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below are affected by CVE-2018-13822 due to unprotected storage of credentials. This allows attackers to access sensitive information. The connected documents confirm the affected versions and the credential storage issue; no...
CVE-2018-13823
CA PPM versions 14.3 and earlier, 14.4, 15.1, 15.2 CP5 and earlier, and 15.3 CP2 and earlier are affected by an XML External Entity (XXE) vulnerability in the XOG functionality, leading to potential exposure of sensitive information. The issue is caused by XXE in XOG and can be exploited remotely...