Description:
Some vulnerabilities have been reported in CA products, which can be exploited by malicious, local users to gain escalated privileges.
For more information:
SA31357
NOTE: The vulnerabilities do not affect Windows-based Ingres installations.
The vulnerabilities are reported in the following products and versions:
* Admin r8.1 SP2
* Advantage Data Transformer r2.2
* Allfusion Harvest Change Manager r7.1
* CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
* CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
* CA Directory r8.1
* CA Job Management Option R11.0
* CA Single Sign-On r8.1
* CleverPath Aion BPM r10.1, r10.2
* EEM 8.1, 8.2, 8.2.1
* eTrust Audit/SCC 8.0 sp2
* Identity Manager r12
* NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11
* Unicenter Asset Management r11.1, r11.2
* Unicenter Remote Control r11.2
* Unicenter Service Catalog r2.2, r11.1
* Unicenter Service Metric Analysis r11.1
* Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2
* Unicenter Software Delivery r11.1, r11.2
* Unicenter Workload Control Center r11
Solution:
Apply patches (please see vendor advisory for details).
Provided and/or discovered by:
The vendor credits iDefense Labs.
Original Advisory:
CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Other References:
SA31357:
http://secunia.com/advisories/31357/
|
