CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit

The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the database credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator.
Vulnerabilty ID: 
Released Date: 
Tuesday, June 7, 2011 - 19:00