Skip navigation
All Places > CA Product Vulnerability Response > Product Vulnerability Response
1 2 3 Previous Next

Product Vulnerability Response

100 posts

CA Technologies published a new security notice for CA Privileged Access Manager. See below for details.

 

CA20190212-01: Security Notice for CA Privileged Access Manager

 

Kevin Kotas

CA Product Vulnerability Response Director

CA Technologies - A Broadcom Company

On Thursday, January 24, 2019, CA Technologies published a new security notice for CA Automic Workload Automation. The security notice addresses one medium risk persistent XSS vulnerability, CVE-2019-6504, that was reported by Marc Nimmerrichter from SEC Consult Vulnerability Lab. See below for details.

 

CA20190124-01: Security Notice for CA Automic Workload Automation

 

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.

 

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

 

Regards,
Ken Williams
Vulnerability Response Director
CA Technologies, A Broadcom Company

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

On Thursday, January 17th, CA Technologies published a new security notice for CA Service Desk Manager. See below for details.

 

CA20190117-01: Security Notice for CA Service Desk Manager

 

Kevin Kotas

CA Technologies Product Vulnerability Response Director

CA Technologies posted a new security notice for CA Identity Governance. See below for details.

 

CA20181017-01: Security Notice for CA Identity Governance

 

Kevin Kotas, Vulnerability Response Director

CA Product Vulnerability Response

CA Technologies published a new security notice today for CA Release Automation.  The security notice addresses 1 vulnerability that was reported by Jakub Palaczynski and Maciej Grabiec.  See below for details.

 

CA20180829-03: Security Notice for CA Release Automation

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.


If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

CA Technologies published a new security notice today for CA Unified Infrastructure Management (UIM).  The security notice addresses 3 vulnerabilities that were reported by Øystein Middelthun.  See below for details.

 

CA20180829-02: Security Notice for CA Unified Infrastructure Management

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.


If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

CA Technologies published a new security notice today for CA PPM.  The security notice addresses 5 vulnerabilities that were reported by Piotr Domirski.  See below for details.

 

CA20180829-01: Security Notice for CA PPM

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.


If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

CA Technologies published a new security notice today for CA API Developer Portal. See below for details.

 

CA20180802-01: Security Notice for CA API Developer Portal

 

Kevin Kotas, Vulnerability Response Director

CA Product Vulnerability Response

On June 14, 2018, we published a new security notice for CA Privileged Access Manager.  The security notice addresses 16 vulnerabilities that were reported by Peter Lapp, Dan Cocking, and modzero (Xceedium Xsuite vulnerabilities publicly disclosed in July 2015).  See the notice link below for details.

 

CA20180614-01: Security Notice for CA Privileged Access Manager

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.


If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

CA Product Vulnerability Response published a new security notice today for CA Spectrum. The security notice concerns a denial of service vulnerability that was reported by Francesco Scibetta. See below for details.

 

CA20180501-01: Security Notice for CA Spectrum

 

Kevin Kotas, Vulnerability Response Director

CA Product Vulnerability Response

On March 29th, 2018, we published a new security notice for CA Workload Automation AE and CA Workload Control Center that addresses a medium risk SQL injection vulnerability in CA Workload Automation AE, and a high risk remote code execution vulnerability in the Apache MyFaces component in CA Workload Control Center.  These vulnerabilities were privately reported to CA Technologies by Hamed Merati and Kacper Nowak from Sense of Security Labs.  See the notice below for details.

 

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center

 

If additional information is required, please contact CA Technologies support at http://support.ca.com/.

 

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

 

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team

 

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

On March 28th, 2018, we published a new security notice for CA API Developer Portal that addresses three medium risk cross-site scripting vulnerabilities that were privately reported to CA by Alphan Yavas. See the notice below for details.

 

CA20180328-01: Security Notice for CA API Developer Portal

 

Kevin Kotas, Vulnerability Response Director

CA Product Vulnerability Response

On November 14, 2017, CA published a new security notice for CA Identity Governance. The notice concerns a medium risk vulnerability reported by Jacob Miller. A remote attacker can exploit the vulnerability to conduct cross-site scripting attacks. We are not aware of any active exploitation of the vulnerability at the time of this post. See the security notice for additional details and fix information:

 

CA20171114-01: Security Notice for CA Identity Governance

 

Kevin Kotas, Vulnerability Response Director

CA Product Vulnerability Response

We published a new security notice today for CA Identity Manager. The notice describes a medium risk information disclosure vulnerability that was reported by Jake Miller. A remote attacker can potentially identify the passwords for a locked account by using an exhaustive search. We are not aware of any active exploitation of this vulnerability at the time of this post.

 

CA20170921-01: Security Notice for CA Identity Manager (CA Identity Suite)

 

Kevin Kotas
Vulnerability Response Director
CA Product Vulnerability Response Team

CA published a new security notice today for CA Client Automation. The security notice addresses a high risk vulnerability reported by Christoph Falta. A solution is available. We are not aware of any exploitation of this vulnerability at this time.

 

CA20170504-01: Security Notice for CA Client Automation OS Installation Management