CA Service Desk Manager Cross Site Scripting

2013.07.29
Credit: Kevin Kotas
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- CA20130725-01: Security Notice for CA Service Desk Manager Issued: July 25, 2013 CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability, CVE-2013-2630, occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks. Risk Rating Medium Platform Windows, Sun, AIX, Linux Affected Products CA Service Desk Manager 12.5 CA Service Desk Manager 12.6 CA Service Desk Manager 12.7 How to determine if the installation is affected Steps to identify the Service Desk Manager version and if the relevant patch is installed: 1. Navigate to the $NX_ROOT directory on the Service Desk server. Note: NX_ROOT points to the Service Desk Manager installation directory which by default is "C:\Program Files\CA\Service Desk Manager" for Windows or "/opt/CAisd/" for Sun Solaris, AIX, and Linux. 2. Identify the Service Desk Manager application version using the following steps: a. Navigate to the "$NX_ROOT\pdmconf\" directory for Windows or "$NX_ROOT/pdmconf/" for Sun Solaris, AIX, and Linux. b. Locate the file with the name "version" and open it with a text editor. c. The version of Service Desk Manager can be noted from the file (Example: Version r12.6). 3. Locate the file <machine_name>.his under $NX_ROOT directory. Note: The file may not exist if the Service Desk Manager server is unpatched. 4. Open the file with a text editor and locate the patch based on the matrix below for the corresponding Service Desk Manager version and operating system: R12.5: WINDOWS: RO59355 LINUX: RO59356 SUN: RO61158 AIX: RO61159 R12.6: WINDOWS: RO59358 LINUX: RO59359 SUN: RO59360 AIX: RO59362 R12.7: WINDOWS: RO59560 LINUX: RO59365 SUN: RO59366 AIX: RO59367 An example entry found in the history file: [DATE] - PTF Wizard installed RO59355 (USRD) RELEASE=12.7 5. If the corresponding patch is not installed, then the installation might be vulnerable. Solution CA Technologies published the following patches to address the vulnerabilities. CA Service Desk Manager 12.5 Windows: RO59355 CA Service Desk Manager 12.5 Sun: RO61158 CA Service Desk Manager 12.5 AIX: RO61159 CA Service Desk Manager 12.5 Linux: RO59356 CA Service Desk Manager 12.6 Windows: RO59358 CA Service Desk Manager 12.6 Sun: RO59360 CA Service Desk Manager 12.6 AIX: RO59362 CA Service Desk Manager 12.6 Linux: RO59359 CA Service Desk Manager 12.7 Windows: RO59560 CA Service Desk Manager 12.7 Sun: RO59366 CA Service Desk Manager 12.7 AIX: RO59367 CA Service Desk Manager 12.7 Linux: RO59365 CA20130725-01: Security Notice for CA Service Desk Manager https://support.ca.com/irj/portal/anonymous/phpsbpldgpg References CVE-2013-2630 Acknowledgement CVE-2013-2630 - Puneeth Kumar R Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Charset: utf-8 wsBVAwUBUfGmaZI1FvIeMomJAQEIJwf/dJHMhnStmOckkTcQSBZt/Txhy+kIF51/ v7yeeSmCsNpaCtxLg6noxDSPRa3hB4owRNL2qU9Bfst8FVvpX1CyF7El+S3XqgHg thYFmlWbvmJr30G7saw6fsLRsQpjG1m4zAb518Csy2L1+MnoH1discqvzmlH5kkD VfhuPBuTpuhbMiwBwbmojm5nXQoBssZIKTneYYn3TUf0MvRH4KtopPgAqcB/BxmY x7tc9pD2tJpyjJQ/WFAOZMxoaaP9oBXlbf8b2Plqh2lkmxtZTD8KppngwMXhce6s kqTuHuUk1IMLPhXDeIgXQHN6HaQKshGqYBUJEv18oKDYY5ZlD3Scsg== =KV9p -----END PGP SIGNATURE-----

References:

https://support.ca.com/irj/portal/anonymous/phpsbpldgpg


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top