exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Network Flow Analysis SQL Injection

CA Network Flow Analysis SQL Injection
Posted Dec 2, 2021
Authored by Ken Williams | Site www3.ca.com

CA Technologies is alerting customers to a vulnerability in CA Network Flow Analysis (NFA). A vulnerability exists that can allow an authenticated user to perform SQL injection attacks and access sensitive data. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. An authenticated user can potentially access sensitive data. CA Network Flow Analysis versions 9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, and 21.2.1 are affected.

tags | advisory, sql injection
advisories | CVE-2021-44050
SHA-256 | ac424b7c3bbc5bd14124fdfa0a0135b53b40ccc7bbf324e6be554fb4183faa61

CA Network Flow Analysis SQL Injection

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20211201-01: Security Notice for CA Network Flow Analysis

Issued: December 1st, 2021

CA Technologies, A Broadcom Company, is alerting customers to a
vulnerability in CA Network Flow Analysis (NFA). A vulnerability
exists that can allow an authenticated user to perform SQL injection
attacks and access sensitive data. CA published solutions to address
this vulnerability and recommends that all affected customers
implement these solutions.

The vulnerability, CVE-2021-44050, occurs due to insufficient input
validation. An authenticated user can potentially access sensitive
data.


Risk Rating

CVE-2021-44050 - Medium


Platform(s)

Microsoft Windows Server 2012 R2, 2016, 2019


Affected Products

CA Network Flow Analysis 9.3.8
CA Network Flow Analysis 9.5
CA Network Flow Analysis 10.0
CA Network Flow Analysis 10.0.2
CA Network Flow Analysis 10.0.3
CA Network Flow Analysis 10.0.4
CA Network Flow Analysis 10.0.5
CA Network Flow Analysis 10.0.6
CA Network Flow Analysis 10.0.7
CA Network Flow Analysis 21.2.1
Note: older, unsupported versions may be affected


Non-Affected Products

CA Network Flow Analysis 21.2.2 and above


How to determine if the installation is affected

Check the Version Information in the NFA Console
(Administration -> About).


Solution

CA Technologies published the following solutions to address the
vulnerabilities:

Upgrade to 21.2.2 or above.

Alternatively, apply the appropriate fix provided for 10.0.2, 10.0.3,
10.0.4, 10.0.5, 10.0.6, 10.0.7, and/or 21.2.1.

Fixes are available at:
https://knowledge.broadcom.com/external/article?articleId=208906

Note that End of Service has already been announced for NFA 9.3.8,
9.5, and 10.0. Contact Broadcom Support if you are unable to upgrade
to a non-vulnerable version, or to a version with an available fix.


References

CVE-2021-44050 - CA NFA SQL injection vulnerability


Acknowledgement

CVE-2021-44050 - Anthony Ferrillo, NCC Group


Change History

Version 1.0: 2021-12-01 - Initial Release


CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://support.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to the CA Technologies Product Vulnerability
Response Team at ca.psirt <AT> broadcom.com

Security Notices, PGP key, disclosure policy, and related guidance can
be found at: https://techdocs.broadcom.com/ca-psirt


Regards,
Ken Williams
Vulnerability and Incident Response, Broadcom and CA PSIRT
https://techdocs.broadcom.com/ca-psirt
https://www.broadcom.com/support/resources/product-security-center
ken.williams<AT>broadcom.com | ca.psirt<AT>broadcom.com |
psirt<AT>broadcom.com
Broadcom | broadcom.com


Copyright (c) 2021 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade names,
service marks and logos referenced herein belong to their respective
companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsBVAwUBYafHkLGGiMHVuV3kAQhWiwgAjkU0L/VEtDqWZ5xC13CVv69ZYBeeT3qE
WmCZiOIRJO3Plhr5qgwwB25hUgmmEUq9IRc7CCluiDOncoj2BFkhbocSyZVZs9Wp
ezhk2X+fwub1MGDo3eSjQ94JB5ygvhQOTeC6xLqIPJ1AfiUxOlagS8pngaYavSD1
1Mky+n99qq+tKYc6J4F4u1dOcHj3bWYjhJg+5x9kUCgD2OFwR7VssnrGH/SCpSsu
jt22GnbZi4tqgrctgy+VmsBTWcvKg5z8h+tkuP7W1JfvxJjKH4H/J0HG46C0yTqp
6uzsn243s05kpCeqwmX9k5rr247e8o1K2BnURH+NsYRAlurBF/XrSw==
=rQj9
-----END PGP SIGNATURE-----

--
This electronic communication and the information and any files transmitted
with it, or attached to it, are confidential and are intended solely for
the use of the individual or entity to whom it is addressed and may contain
information that is confidential, legally privileged, protected by privacy
laws, or otherwise restricted from disclosure to anyone else. If you are
not the intended recipient or the person responsible for delivering the
e-mail to the intended recipient, you are hereby notified that any use,
copying, distributing, dissemination, forwarding, printing, or copying of
this e-mail is strictly prohibited. If you received this e-mail in error,
please return the e-mail to the sender, delete it from your computer, and
destroy any printed copy of it.
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close