Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ca | First view | 2018-08-30 |
| Product | Project Portfolio Management | Last view | 2018-08-30 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:ca:project_portfolio_management:15.3:cp2:*:*:*:*:*:* | 4 |
| cpe:2.3:a:ca:project_portfolio_management:15.2:cp5:*:*:*:*:*:* | 4 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.1 | 2018-08-30 | CVE-2018-13826 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. |
| 6.1 | 2018-08-30 | CVE-2018-13825 | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. |
| 9.8 | 2018-08-30 | CVE-2018-13824 | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. |
| 7.5 | 2018-08-30 | CVE-2018-13823 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 25% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
