CA Service Desk Manager 14.1 / 17 Authentication Bypass

CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain additional privileges. CA published solutions to address the vulnerabilities. The first vulnerability is due to how survey access is implemented. A malicious actor can access and submit survey information without authentication. The second vulnerability allows for a malicious actor to gain additional privileges. Versions affected include 14.1 and 17.


MD5 | eb02560e2cfc9f65108956208ab178c4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20190117-01: Security Notice for CA Service Desk Manager

Issued: January 17, 2019
Last Updated: January 17, 2019

CA Technologies Support is alerting customers to multiple potential
risks with CA Service Desk Manager. Multiple vulnerabilities exist
that can allow a remote attacker to access sensitive information or
possibly gain additional privileges. CA published solutions to
address the vulnerabilities.

The first vulnerability, CVE-2018-19634, is due to how survey access
is implemented. A malicious actor can access and submit survey
information without authentication.

The second vulnerability, CVE-2018-19635, allows for a malicious
actor to gain additional privileges.

Risk Rating

High

Platform(s)

All platforms

Affected Products

CA Service Desk Manager 14.1
CA Service Desk Manager 17

How to determine if the installation is affected

CA Service Desk Manager r14.1:
Versions prior to 14.1.05.1 are vulnerable.

CA Service Desk Manager r17 Windows:
Versions 17.1.0.1 and prior without the 17.1.0.1 language patch in
the solution section are vulnerable

CA Service Desk Manager r17 Linux:
Versions prior to 17.1.0.2 are vulnerable

Solution

CA Technologies published the following solutions to address the
vulnerabilities.

CA Service Desk Manager r14.1:

Update to CA Service Desk Manager 14.1.05.1. The rollup patches are
available on the CA Service Desk Manager 14.1 Solutions & Patches
page.

Windows - SO05733
Sun - SO05716
Linux - SO05715

CA Service Desk Manager R17 Linux:
Update to 17.1.0.2 from the CA Service Desk Manager 17.1 Solutions
& Patches page.

CA Service Desk Manager R17 Windows:
Update to 17.1.0.2. Alternatively, update to 17.1.0.1 and install the
corresponding language patch for the Service Desk Manager
installation. All fixes are available on the CA Service Desk Manager
17.1 Solutions & Patches page.

Chinese - SO06055
English - SO06036
French - SO06051
French Canadian - SO06039
German - SO06037
Italian - SO06052
Japanese - SO06053
Portuguese - SO06054
Spanish - SO06038

References

CVE-2018-19634 - CA Service Desk Manager survey access
CVE-2018-19635 - CA Service Desk Manager privilege escalation

Acknowledgement

CVE-2018-19634 and CVE-2018-19635 - Bui Duy Hiep

Change History

Version 1.0: 2019-01-17 - Initial Release

CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications.

Customers who require additional information about this notice may
contact CA Technologies Support at http://support.ca.com/.

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBXEDDEblJjor7ahBNAQhpKw/+MdbnJY7q2pYojS3XvSOhWjdm6H41akB5
mXjsGQLhpRvLV+sS3p1+l+JK9F8x7Gi0+tJaCMILq8eGj7hIfgrm+J38XxcQIfJd
xPqXeuoeM6Fghd3AgNriecleIELjt32zCy4JpDMiiUDu1+dYpsURHBTiN2YITBMn
V11TMq8lvJua10z81OFgm+Kj95qdDfu1NKV+A+Nmtdey+6fxEEWiOBCE01EZC+M9
4cY1vLVQdY+Kkv2GN0P89rKzkWg5UCGjLSbcbnz9+STGRoT5VEcatiZFVSYtudUZ
KQSu0UIoPDOxGSn+EE+PSBgP0e3R0ke1swXN8kIghmAthCaFVyTVBRUpTpOKYg3o
AjQfiRlowBnNoeRtdZltLuWTEIY+5gpduN5pRLTgeTbwbGV9IaK2uxjNy3g4PvfG
PApvtbxxPSOwwTTMtD2jAdiSxOeEbh+vhaBX4BjaUGPysMgsBgVbARntIYySu78X
YL8tf9N04y3r+nEGP6jCgIAHU5NajAubx6FaHDS1rOnuEZ3y6+r/kOOy38dfQygk
ASdeG12cXd8/I6UFDphk9DcBhO61z9EgZ4DatfXvtBuuirkwdaavbx4UN8DX9pPX
TMKvFVhPn259nDQG95uMZSHgXAygWEr8wlPn0ef0JjszeZnAsiLnRE149zeGyG75
QD/9yo0kzx8=
=4XWm
-----END PGP SIGNATURE-----

Related Posts