CA Service Management

  • 1.  VA in CA Service Desk Manager

    Posted Sep 05, 2017 08:11 AM

    Hi

     

    A VA has been identified in CA Service Desk Manager as Dangerous http methods enabled and CVE No. for the same is : CWE-650.

    Please help.



  • 2.  Re: VA in CA Service Desk Manager

    Posted Sep 05, 2017 10:39 AM

    Hi EMS,

    Can you please provide us with the version of Service Desk you are using, along with the information on what specifically was found, how it was found, and what the steps are that you used to reproduce this vulnerability within the application?

    Thanks,

    Jon I.



  • 3.  Re: VA in CA Service Desk Manager

    Posted Sep 06, 2017 05:54 AM

    Hi EMS,

     

    You can also log a support case and supply the same info Jon referred to for further investigation.

     

    ===

    Kind Regards,

    Brian



  • 4.  Re: VA in CA Service Desk Manager

    Posted Sep 11, 2017 05:09 AM

    Hi Brian

     

    Had around 6 Vulnerability, other were resolved by CA Support, but suggested to post this VA in community.

    As they were not able to provide solution for the same. 



  • 5.  Re: VA in CA Service Desk Manager

    Posted Sep 11, 2017 05:07 AM

    Hi Jon

     

    SDM version is 14.1, it was found that CA SDM uses dangerous HTTP methods.

    It was detected during a Vulnerability scan on the servers.

    We have not taken any steps for this.

     

    Please help!!!



  • 6.  Re: VA in CA Service Desk Manager

    Posted Sep 11, 2017 06:39 AM

    Please open a support case as Brian mentioned and supply us with the vulnerability scan report so we are able to have those addressed.  

    Thanks,

    Jon