
Security Advisory – SOS-18-002 – CA Workload Automation AE SQL Injection

Release Date: 29-Mar-2018

Last Update:

Vendor Notification Date: 17-Oct-2017

Product: CA Workload Automation AE

Platform: Microsoft Windows

Affected versions: CA Workload Automation AE r11.3.5, r11.3.6 SP6 and earlier

Severity Rating: Medium

Impact: Exposure of sensitive information and exposure of system information

Attack Vector: Remote with authentication

Solution Status: CA Workload Automation AE Release 11.3.6 SP7

CVE reference: CVE-2018-8953

Details

CA Workload Automation AE (AutoSys Edition) is a workload automation tool supplied by CA Technologies. CA Workload Automation AE suffers from SQL injection vulnerabilities because it fails to validate supplied data before using it in a SQL query.

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

Apply the patch from CA Workload Automation AE Release 11.3.6 SP7, released on 2 March 2018.

Additional information is available here.

Discovered By

Hamed Merati from Sense of Security Labs.
