CA Total Defense UNCWS Web Service exportReport Remote Code Execution Exploit

The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
Platform: 
Vulnerabilty ID: 
NOCVE-9999-51517
Product Version: 
12.0
Released Date: 
Thursday, March 22, 2012 - 00:00