CVE-2011-1655

EUVD-2011-1655
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Common Weakness Enumeration
References
http://secunia.com/advisories/44097
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517492/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/bid/47356
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-127/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66727
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
http://secunia.com/advisories/44097
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517492/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/bid/47356
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-127/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66727
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D