SupportConnect - CleverPath Portal Security Notice
  

CleverPath Portal
Security Notice

Last Updated: April 24, 2007

CA's customer support is alerting customers to a security risk associated with CleverPath Portal. A vulnerability exists that can potentially allow an attacker to send unauthorized queries to the Portal's underlying relational database management system (RDBMS). The issue exists only in the CleverPath Portal Lite Search feature. CA has issued a patch to address the vulnerability.

Risk Rating

Low

Mitigating Factors

  • Lite Search is required for this scenario.
  • Data cannot be modified using this technique.
  • Attacker must have a valid username and password.

Affected Products

BrightStor Portal 11.1
CleverPath Aion 10, 10.1, 10.2
CleverPath Portal 4.51, 4.7, 4.71
eTrust Security Command Center (eTrust SCC) 1, 8
Unicenter Argis Portfolio Asset Management 11
Unicenter Database Management Portal 11, 11.1
Unicenter Enterprise Job Manager (UEJM) 3, 11
Unicenter Management Portal (UMP) 2, 3.1, 11

Affected Platforms

All supported platforms

How to Determine if You are Affected

To determine if you are using the Lite Search feature, log in to the Portal Administration area. On the Global Properties page, you can view the current Search Engine configuration.

Solution

CA has issued the following solution to address the vulnerability.

CleverPath Portal solution QO87601

CleverPath Portal 4.71.001 - ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/

This patch can be applied to Portal 4.51, 4.7 and 4.71. As with any software upgrade, we recommend that our customers perform a full backup of the existing installation directory and database before applying the patch.

Workaround

None available.

References

CVE reference - CVE-2007-2230

Acknowledgement

CA would like to thank Irene Abezgauz at Hacktics Ltd for reporting this issue to us.

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www.ca.com/securityadvisor/vulninfo/submit.aspx.
