CA Unified Infrastructure Management diag Path Traversal Information Disclosure Vulnerability

ID ZDI-16-607
Type zdi
Reporter rgod
Modified 2016-11-10T00:00:00


This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability.

The specific flaw exists within processing of the diag.jsp servlet. The servlet is vulnerable to directory traversal and can be used to exfiltrate sensitive system files from the system.