lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 6 Aug 2009 19:22:21 -0400
From: "Kotas, Kevin J" <Kevin.Kotas@...com>
To: <bugtraq@...urityfocus.com>
Subject: CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management

CA20090806-02: Security Notice for Unicenter Asset Portfolio
Management, Unicenter Desktop and Server Management, Unicenter
Patch Management

Issued: August 6, 2009

CA's technical support is alerting customers to a security risk with
Unicenter Asset Portfolio Management, Unicenter Desktop and Server
Management, and Unicenter Patch Management. The release of Tomcat as
included with the products is potentially susceptible to a cross-site
scripting vulnerability.  CA has issued a solution to address the
issue.

Risk Rating

Medium

Platform

Windows

Affected Products

Unicenter Asset Portfolio Management 11.3
Unicenter Asset Portfolio Management 11.3.4
Unicenter Desktop and Server Management 11.2
Unicenter Patch Management 11.2

How to determine if the installation is affected

Customers can use the following technical documents to determine if
an installation is affected.

Unicenter Asset Portfolio Management:
TEC492816

Unicenter Desktop and Server Management:
TEC491323

Unicenter Patch Management:
TEC491323

Solution

Unicenter Asset Portfolio Management:
Follow the instructions in solution document RI09916.

Unicenter Desktop and Server Management,
Unicenter Patch Management:
Follow the instructions in technical document TEC491323.

References

CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232

CA20090806-02: Security Notice for Unicenter Asset Portfolio
Management, Unicenter Desktop and Server Management, Unicenter Patch
Management
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=2140
95

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Support at
http://support.ca.com/

If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777
82

Kevin Kotas
CA Product Vulnerability Response Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ