The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
Link | Tags |
---|---|
http://www.securityfocus.com/archive/1/517492/100/0/threaded | mailing list |
http://secunia.com/advisories/44097 | third party advisory, vendor advisory |
http://www.vupen.com/english/advisories/2011/0977 | vdb entry, vendor advisory |
http://securitytracker.com/id?1025353 | vdb entry |
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D | |
http://www.zerodayinitiative.com/advisories/ZDI-11-127/ | |
http://www.securityfocus.com/bid/47356 | vdb entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66727 | vdb entry |
http://www.securityfocus.com/archive/1/517494/100/0/threaded | mailing list |