First published: Wed Apr 11 2018
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform SQL injection via a crafted HTTP request.
Credit: vuln@ca.com
Affected Software | Affected Version | How to fix |
---|---|---|
Broadcom CA Workload Automation AE | <=r11.3.6 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp1 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp2 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp3 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp4 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp5 | |
Broadcom CA Workload Automation AE | =r11.3.6-sp6 | |
CVE-2018-8953 is classified as a critical vulnerability due to its potential for remote exploitation and SQL injection.
To fix CVE-2018-8953, update CA Workload Automation AE to version r11.3.6 SP7 or a later release.
CVE-2018-8953 can lead to unauthorized access to the database and manipulation of sensitive data.
CVE-2018-8953 affects CA Workload Automation AE versions prior to r11.3.6 SP7, including all service packs from SP1 to SP6.
CVE-2018-8953 can be exploited remotely via crafted HTTP requests, allowing attackers to execute SQL queries.