Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
CA20091208-01: Security Notice for CA Service Desk
Issued: December 8, 2009
CA's support is alerting customers to a security risk with CA Service
Desk. A cross-site scripting vulnerability exists that can allow a
remote attacker to potentially gain sensitive information. CA has
issued patches to address the vulnerability.
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
1. *Advisory Information*
Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
Advisory ID: CORE-2011-0506
NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11
Unicenter Asset Management r11.1, r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r2.2, r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2
Unicenter Software Delivery r11.1, r11.2
Unicenter Workload Control Center r11
Affected Platforms:
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting
Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
CA20100222-01: Security Notice for CA Service Desk
Issued: February 22, 2010
CA's support is alerting customers to a security risk with CA Service
Desk r12.1. The release of Tomcat as included with CA Service Desk
r12.1 is potentially susceptible to a cross-site scripting
vulnerability. CA has issued a technical document that describes
Potential Security Impact: Remote arbitrary code execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with the HP OpenView Business Process Insight family of products running Shared Trace Service on Windows. The vulnerability could be remotely exploited to execute arbitrary code. The HP OpenView Business Process Insight family of products includes HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI).
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x on Windows running Shared Trace Service from the HP OpenView Cross Platform Component prior to v3.10.040.
Affected Products:
CA Cohesion Application Configuration Manager 4.5
CA CMDB Application Server 11.1
Unicenter Service Desk 11.2
Non-Affected Products
CA Cohesion Application Configuration Manager 4.5 SP1
3. *Vulnerability Description*
The LANDesk division of Avocent Corporation [1] provides systems
management, security management, service desk, asset management, and
process management solutions to organizations. The company's software is
used worldwide.
A security vulnerability was discovered in LANDesk Management Suite: The
LANDesk web application does not sufficiently verify if a well-formed
3. *Vulnerability Description*
The LANDesk division of Avocent Corporation [1] provides systems
management, security management, service desk, asset management, and
process management solutions to organizations. The company's software
is used worldwide.
A security vulnerability was discovered in LANDesk Management Suite: a
cross-site request forgery which allows an external remote attacker to
Severity: High
Description:
BMC Remedy Knowledge Management provides service desk analysts with a
knowledge base of easy-to-find solutions and gives users self-service
search options to help them resolve issues on their own. ProCheckUp has
discovered that multiple Remedy Knowledge Management pages are
vulnerable to reflective XSS attacks; a built-in self-help account
allows for authentication bypass.
CA Infrastructure Management
CA Introscope
CA IT Asset Manager
CA Process Automation
CA Service Catalog
CA Service Desk Manager
CA Service Metric Analysis
CA Service Operations Insight
CA Software Compliance Manager
CA User Activity Reporting Module
CA Virtual Automation