The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
CVE Link
Exploit Platform
Product Name