An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/105297 | Third Party Advisory VDB Entry |
| https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2021, 13:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ca:project_portfolio_management:15.1:*:*:*:*:*:*:* cpe:2.3:a:ca:project_portfolio_management:14.4:*:*:*:*:*:*:* |
cpe:2.3:a:broadcom:project_portfolio_management:*:*:*:*:*:*:*:* cpe:2.3:a:broadcom:project_portfolio_management:15.1:*:*:*:*:*:*:* cpe:2.3:a:broadcom:project_portfolio_management:14.4:*:*:*:*:*:*:* |
Information
Published : 2018-08-30 14:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-13826
Mitre link : CVE-2018-13826
CVE.ORG link : CVE-2018-13826
JSON object : View
Products Affected
ca
- project_portfolio_management
broadcom
- project_portfolio_management
CWE
CWE-611
Improper Restriction of XML External Entity Reference