Security Notice for CA Spectrum

Document ID : KB000094815
Last Modified Date : 15/05/2018
Show Technical Document Details
Issue:
CA20180501-01: Security Notice for CA Spectrum

 
Environment:

CA Spectrum 10.1.x:
CA Spectrum 10.2.x:
Resolution:

CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability.

The vulnerability, CVE-2018-6589, occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.

For additional information see the following link:

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html

Also, patches are being built to address this issue for currently supported versions of Spectrum:

CA Spectrum 10.1.2:
Apply 10.01.02.PTF_10.1.239

CA Spectrum 10.2.2:
Apply 10.02.02.PTF_10.2.227