CA CleverPath Portal Lite Search Multiple Remote SQL Query Injection Vulnerabilities


Description   Multiple vulnerabilities have been identified in CA CleverPath Portal that could be exploited by malicious users to execute arbitrary SQL queries. They are caused by input validation errors in the Lite Search module, which does not validate the "ofinterest" and "description" parameters before they are used in SQL statements. Authenticated attackers could exploit this to conduct SQL injection attacks against the underlying relational database management system (RDBMS).
Note: An unspecified security risk related to the "PREV_LOCATION" attribute has also been reported.
     
Vulnerable Products   Vulnerable Software:
CA BrightStor Portal version 11.1
CA CleverPath Aion version 10
CA CleverPath Aion version 10.1
CA CleverPath Aion version 10.2
CA CleverPath Portal version 4.51
CA CleverPath Portal version 4.7
CA CleverPath Portal version 4.71
CA eTrust Security Command Center (eTrust SCC) version 1
CA eTrust Security Command Center (eTrust SCC) version 8
CA Unicenter Argis Portfolio Asset Management version 11
CA Unicenter Database Management Portal version 11
CA Unicenter Database Management Portal version 11.1
CA Unicenter Enterprise Job Manager (UEJM) version 3
CA Unicenter Enterprise Job Manager (UEJM) version 11
CA Unicenter Management Portal (UMP) version 2
CA Unicenter Management Portal (UMP) version 3.1
CA Unicenter Management Portal (UMP) version 11
     
Solution   Apply patch: ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/
     
CVE   CVE-2007-2230
     
References   http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp
ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt
http://www.hacktics.com/AdvCleverPathApr07.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm | Available Since
SQL injection Prevention - GET : suspicious OR statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data | 3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL | 3.2.0
SQL injection Prevention - POST : possible version probing in data | 3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data | 3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data | 3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data | 3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data | 3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data | 3.2.0
SQL injection Prevention - GET : possible database version probing | 3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data | 3.2.0
SQL injection Prevention - POST : suspicious OR statement in data | 3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data | 3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data | 3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL | 3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data | 3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2007-04-25

Target Type   Server

Possible exploit   Local & Remote