vendor:
Service Metric Analysis, Service Level Management
by:
SecurityFocus
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: Service Metric Analysis, Service Level Management
Affected Version From: Service Metric Analysis 11.0, Service Level Management 3.5
Affected Version To: Service Metric Analysis 11.1 SP1
Patch Exists: YES
Related CWE: CVE-2008-4609
CPE: a:ca:service_management
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008
Multiple CA Service Management Products Command Injection Vulnerability
Multiple CA Service Management products are prone to a command injection vulnerability due to insufficient access restrictions. An attacker can leverage this vulnerability to execute arbitrary commands by submitting a malicious command through netcat or telnet.
Mitigation:
Upgrade to the latest version of the affected software.