CA Service Desk 14.1 Vulnerability

Document ID : KB000046995
Last Modified Date : 14/02/2018

Question:

We are using CA Service Desk Manager 14.1 integrated with BOXI. Our security team wants to ensure that there is no vulnerability (such as the Tomcat vulnerability, POODLE vulnerability, etc.) in SDM 14.1.

If any vulnerability is there, please provide the tech doc/steps to fix them.

Answer:

POODLE vulnerability
*CA Service Desk
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1250834.aspx
*BOXI
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1064055.aspx


Enumeration vulnerability 
*BOXI
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1243476.aspx

Tomcat vulnerability
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1703317.aspx


Service Desk URL vulnerability
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1837276.aspx


Cross-Site Scripting Vulnerabilities

https://docops.ca.com/ca-service-management/14-1/en/implementing/implementing-ca-service-management-14-1/step-4-install-or-upgrade/implementing-ca-service-desk-manager/how-to-install-ca-sdm/secure-ca-sdm-from-cross-site-scripting-vulnerabilities


Encrypt Session ID
https://docops.ca.com/ca-service-management/14-1/en/administering/configuring-ca-service-desk-manager/encrypt-session-ids-to-address-vulnerability-issues