The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator.

CVE Link

Exploit Platform

Windows

Exploit Type

Exploits

Remote

Product Name

Impact

CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum