My security director is asking what the PMDWEB executable is doing. We are running CA SDM v12.9. Here are the specific questions:
I don’t know if it is an issue or not, but it is definitely a red flag. In short, it makes me wonder if CA is allowing the browser to essentially execute system commands on the server. So what is that executable doing and why are we calling it in a browser? Is the web server executing commands on the server (initiated by the browser), and are there limitations as to what that executable can do so a browser cannot inject commands and potentially run other system commands? There are ways to lock down the web server to prevent further compromise of the system, and it is dependent on whether or not that .exe is vulnerable to injection, so unfortunately I really can’t tell if it is a problem or not; I would have to have a pen test to see if it is exploitable. A vulnerability scan won’t really help.