CA ControlMinder JMX Console Authentication Bypass

by Carol~ Moderator - 4/30/13 12:48 PM

In Reply to: VULNERABILITIES / FIXES - April 30, 2013 by Carol~ Moderator

Release Date: 2013-02-14
Last Update: 2013-04-30

Criticality level: Less critical
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch

Software: CA ControlMinder 12.x
CA ControlMinder for Virtual Environments 2.x

Description:
CA has acknowledged a security issue in CA ControlMinder, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is reported in the following versions:
* CA ControlMinder for Windows versions 12.5, 12.6, and 12.6 SP1.
* CA ControlMinder for Linux versions 12.5, 12.6, and 12.6 SP1.
* CA ControlMinder SAM versions 12.5, 12.6, and 12.6 SP1.
* CA ControlMinder Upgrade version 12.6.
* CA ControlMinder for Virtual Environments version 2.0.

Solution:
Apply update (please see the vendor's advisory for details).

Original Advisory:
CA20130213-01:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A6F2B559-F02D-4FCE-B3BF-C743219D4A27}

TEC559568:
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC559568

http://secunia.com/advisories/52192