Vulnerability Name: | CVE-2018-13824 (CCN-149233) | ||||||||||||
Assigned: | 2018-08-29 | ||||||||||||
Published: | 2018-08-29 | ||||||||||||
Updated: | 2021-04-12 | ||||||||||||
Summary: | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | ||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 9.4 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-89 | ||||||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-13824 Source: BID Type: Third Party Advisory, VDB Entry 105297 Source: CCN Type: BID-105297 CA PPM Multiple Security Vulnerabilities Source: XF Type: UNKNOWN ca-cve201813824-sql-injection(149233) Source: CCN Type: CA20180829-01 Security Notice for CA PPM Source: CONFIRM Type: Patch, Vendor Advisory https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |