CVE-2018-13824

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 28.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom Project Portfolio ManagementCA Technologies PPMCA Project Portfolio Management
Timeline
PublishedAug 30
Latest updateMay 13

Description

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5ca_technologies/ppm15.3 and earlier

Patches

Patch: support.ca.comPatch: support.ca.com

🔴Vulnerability Details

2
GHSA
GHSA-78qh-chfj-3748: Insufficient input sanitization of two parameters in CA PPM 142022-05-13
CVEList
CVE-2018-13824: Insufficient input sanitization of two parameters in CA PPM 142018-08-30