SB2018083013 - Multiple vulnerabilities in Broadcom Unified Infrastructure Management

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use of hard-coded credentials (CVE-ID: CVE-2018-13819)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.

2) Use of hard-coded credentials (CVE-ID: CVE-2018-13820)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.

3) Improper Authentication (CVE-ID: CVE-2018-13821)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/105199
• https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html