Does anyone have any more information on the 2nd vulnerability?
The second vulnerability, CVE-2018-19635, allows for a malicious actor to gain additional privileges
Can't find out much about it....
I also would like to know. We need to understand how critical these vulnerabilities are.
Can't seem to find any detailed info on how critical this specific vulnerability (CVE-2018-19635) is; can CA provide any?
I will provide the details on this shortly.
So basically the CVE database owners normally get those updates done. Looks like they are a bit behind...
Here are the two key items:
Vulnerability - Survey and privilege escalation.
Vulnerability - Vertical privilege escalation via a survey.
A survey URL is similar to: http://hostname/CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400003+CNT_ID=F49134B8CAC9A5478C9CC421096CDDDD+CNTXT_PERSID=cr:401210.
The solutions that CA provided resolve both the items.
Edited my previous reply to make it easier for access here
How can I get my own message templates to work again after upgrading to 17.1.02?
What is the variable that I need to use? I found that the URL should be extended by +MSG_DIGEST=
Let me check into this and revert back to you.
Engineering provided a bit more clarification on this.
Behind the scenes, we are using an encryption mechanism similar to our password encryptions, to create this checksum. This is then validated against.
At this time there's no easy way to generate this checksum automatically for custom usage.
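The survey URL format and the MSG_DIGEST parameter mentioned above can be used to audit web server request logs for survey requests that carry no digest. This is an added example, not part of the thread and not CA code; the "client method url" log layout, the function names, the sample lines and the placeholder digest value are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample request lines in "client method url" form (not real traffic).
SAMPLE_REQUESTS = [
    "10.0.0.5 GET /CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400003"
    "+CNT_ID=F49134B8CAC9A5478C9CC421096CDDDD+CNTXT_PERSID=cr:401210"
    "+MSG_DIGEST=PLACEHOLDERDIGEST",
    "10.0.0.7 GET /CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400003"
    "+CNT_ID=F49134B8CAC9A5478C9CC421096CDDDD+CNTXT_PERSID=cr:401210",
    "10.0.0.7 GET /CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400003"
    "+CNT_ID=F49134B8CAC9A5478C9CC421096CDDDD+CNTXT_PERSID=cr:401210+MSG_DIGEST=",
    "10.0.0.9 GET /CAisd/pdmweb.exe?OP=SOME_OTHER_OP+X=1",  # not a survey request
]


def parse_pdmweb_query(url):
    """Split a pdmweb.exe query into a dict; pairs are '+'-separated KEY=VALUE."""
    params = {}
    for pair in urlsplit(url).query.split("+"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote(key).upper()] = unquote(value)
    return params


def survey_requests_without_digest(lines):
    """Return survey requests whose MSG_DIGEST parameter is absent or empty."""
    findings = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed layout
        client, _method, url = parts
        if "pdmweb.exe" not in urlsplit(url).path.lower():
            continue
        params = parse_pdmweb_query(url)
        if params.get("OP") != "DO_SURVEY":
            continue
        if not params.get("MSG_DIGEST"):
            findings.append({"client": client,
                             "svy_id": params.get("SVY_ID"),
                             "cntxt_persid": params.get("CNTXT_PERSID")})
    return findings


if __name__ == "__main__":
    for finding in survey_requests_without_digest(SAMPLE_REQUESTS):
        print(finding)
```

The same parser can be run over custom notification templates to list survey links that were written before the upgrade and therefore carry no digest.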
So both vulnerabilities are with ref to Survey problem for CA Service Desk Manager?
Our implementation of CA Service Desk, Catalog, PAM, EEM and Xtraction is for internal purposes only and still on 14.1.01. Do you see any major risks if we do NOT update to 14.1.05.1 (prereq is for upgrading to 14.1.01)?
Vishnu, a vulnerability is a vulnerability and it does not matter if the app is intended for internal purposes only. For example, what if an internal user uses the survey link to get into SDM administration and modify data he/she otherwise does not have permission to? So yes, I think there is some risk even for internal purposes only. Thanks _Chi
Chi, it sounds like this vulnerability creates a backdoor for an internal user to use the survey link to get to SDM administration. So are you saying that though the user is NOT set up to have Administrator access type, they can still get edit access to SDM administration, functional access and meta data just using the Survey link?
Also, looking at the link provided by Raghu, the SDM versions listed are more specific to 14.1.02 or above versions.
Unfortunately that is the case, there was a security issue with the survey link which led to possible abuse there.
Regarding the 14.x version, versions prior to 14.1.05.1 are vulnerable.
That means, this includes 14.1.01 too.
Is the issue only present if you use Surveys?
Correct, the issue is exposed only via SDM Survey URLs, no other URLs.
Raghu, just for clarification, there are only 2 vulnerabilities and both are with ref to SDM Survey links, otherwise there are no other known security risks with SDM 14.1.0x, correct?
In this context, yes, the only 2 risks are with the survey URLs.