CVE-2011-1654

Published Apr 18, 2011

Last updated a year ago

Overview

Description: Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References