CA Business Intelligence (CABI) experiences the "Microsoft Windows Unquoted Service Path Enumeration Vulnerability"

Document ID : KB000032387
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue: 
A third party vulnerability scan shows that CABI services are vulnerable to "Microsoft Windows Unquoted Service Path Enumeration" and this is found to be because of service paths not quoted.

 

Unquoted service paths on BusinessObjects server are:

 

SVNSubversion : SAP BusinessObjects Enterprise XI 4.0\\subversion\svnserve.exe

 

BOEXI40BWPublisherService : SAP BusinessObjects Enterprise XI 4.0\win32_x86\bwcepubsvc.exe

 

 

 

Environment:  
Applies to both CABI 4.1 SP3 and CABI 4.1 SP5 used with CA Service Management 14.1

 

 

 

Resolution:

  1. Take backup of the CABI server registry

  2. Open REGEDIT as an OS Administrator and navigate to the following location:
    HKLM -> System -> Current Control Set -> Services 

  3. Search for the mentioned CABI service in the vulnerability report (i.e. BOEXI40BWPublisherService) and edit the 'Imagepath' value and service path to include quotes as follows:
    "D:\Program files (x86)\CA\CommonReporting4\SAP BusinessObjects Enterprise XI 4.0\win32_x86\bwcepubsvc.exe"

  4. Restart the CABI SIA service via the Central Configuration Manager (CCM)

 

Follow the same process for any other CABI service that has unquoted service path in the registry and is reported by a third party vulnerability scan.