Credential Disclosure in CA Total Defense's Unified Network Control Server
CVE-2011-1655

Currently unrated

Key Information:

Vendor

Broadcom
Status
Total Defense
Vendor
CVE Published:
18 April 2011

What is CVE-2011-1655?

The management.asmx module within the Management Web Service of CA Total Defense's Unified Network Control Server versions prior to SE2 is prone to a credential disclosure vulnerability. This flaw allows remote attackers to intercept cleartext responses from getDBConfigSettings requests, potentially exposing sensitive database credentials. Such exposure could enable attackers to execute arbitrary code on the affected vulnerable systems when they leverage these credentials, heightening the risk of unauthorized access and exploitation.

References

http://www.securityfocus.com/archive/1/517492/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/44097
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0977
vdb-entryx_refsource_VUPEN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.