Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-13824

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

Published

2018-08-30T14:29:01.173

Last Modified

2024-11-21T03:48:09.790

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	project_portfolio_management	≤ 14.3	Yes
Application	broadcom	project_portfolio_management	14.4	Yes
Application	broadcom	project_portfolio_management	15.1	Yes
Application	ca	project_portfolio_management	15.2	Yes
Application	ca	project_portfolio_management	15.3	Yes

References

http://www.securityfocus.com/bid/105297 Third Party Advisory, VDB Entry ([email protected])
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/105297 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)