CA Technologies, a Broadcom Company, is alerting customers to a risk with CA Service Catalog. A vulnerability can potentially exist in a specific configuration that can allow a remote attacker to cause a denial of service condition. CA published a solution and instructions to resolve the vulnerability. The vulnerability occurs due a default configuration setting that, if not modified during installation by customers, can allow a remote attacker to access and update configuration information that can result in a denial of service condition.
8327e804ccae5d87838d2e89f164ca1437cf95abb6f2a0e33d3cc4ba4f6b9de8A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution. The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent. The Windows agent in CA Client Automation versions 14.0, 14.1, 14.2, and 14.3 are affected.
f83b28b09c7c76554eda487fcb8f48e6c31754eb1815d5deca6571ca3cc74d47
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed