CA Unicenter Asset Management Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1013360 |
|
SecurityTracker URL: http://securitytracker.com/id/1013360
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 3 2005
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0, 4.0 SP1
|
Description:
Some vulnerabilities were reported in CA's Unicenter Asset Management. A remote user can inject SQL commands and conduct cross-site scripting attacks.
A remote authenticated user with access to the administrative console can obtain the SQL administrator password, displayed (in masked form) on the 'Change Credentials for Database' window.
A remote authenticated user can inject HTML code via the name and description fields of the Reporter feature. Then, when the target user views the report, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the Unicenter Asset Management software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can submit specially crafted input via the Query Designer to inject SQL commands into an imported file.
Cengiz Aykanat discovered this vulnerability.
|
Impact:
A remote authenticated user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Unicenter Asset Management software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can execute SQL commands on the underlying database.
A remote authenticated user may be able to obtain the SQL administrator password.
|
Solution:
The vendor has issued a fix (APAR QO64323), described in the vendor's advisory summary at:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64323
|
Vendor URL: supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64323 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 2 Mar 2005 21:51:49 -0500
Subject: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64323
|
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64323
> Computer Associates: Unicenter Asset Management 4.0
> Computer Associates: Unicenter Asset Management 4.0 SP1
> UAM 40-CONSOLE SECURITY VULNERABILITIES
> PRODUCT: Unicenter Asset Management RELEASE: 4.0 APAR #: QO64323 DATE: 14 FEB
> 2005 PROBLEM DESCRIPTION: UAM 40-CONSOLE SECURITY VULNERABILITIES (A) INSECURE
> GUI INITIALIZATION WITH SQL USER PASSWORD
> Component: Unicenter Asset Management Release: 4.0
> O/S: NT FIX: QO64323 Hyper: Yes Confirmed: 02/14/2005
|
|
