Main Vulnerability Database Vulnerabilities #VU11457

#VU11457 SQL injection in CA Workload Automation - CVE-2018-8953

Published: March 30, 2018 / Updated: April 2, 2018

Vulnerability identifier: #VU11457

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8953

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
CA Workload Automation

Software vendor:
CA Technologies

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

Remediation

Update to version 11.3.6 SP7.

External links

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--securi...

#VU11457 SQL injection in CA Workload Automation - CVE-2018-8953

Description

Remediation

External links

Please verify you're human