CA Harvest Software Change Manager CSV Injection

Discussion in 'News Aggregator' started by Packet Storm, 5 Feb 2022.

  1. Packet Storm

    Packet Storm Guest

    CA Technologies is alerting customers to a vulnerability in CA Harvest Software Change Manager. A vulnerability exists that can allow a privileged user to perform CSV injection attacks and potentially execute arbitrary code or commands. Note that this vulnerability is specific to the Harvest Workbench and Eclipse Plugin interfaces. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. A privileged user can potentially execute arbitrary code or commands. Versions affected include 13.0.3, 13.0.4, 14.0.0, and 14.0.1.

    Continue reading...
     

Share This Page

Loading...