Headline
CVE-2018-6589: Support Content Notification - Support Portal - Broadcom support portal
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
CA20180501-01: Security Notice for CA Spectrum
Issued: May 01, 2018
Last Updated: May 01, 2018
CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability.
The vulnerability, CVE-2018-6589, occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.
Risk Rating
CVE Identifier
Risk Rating
CVE-2018-6589
High
Platform(s)
All
Affected Products
CA Spectrum 10.1.x
CA Spectrum 10.2.x
Unaffected Products
CA Spectrum 10.2.3
How to determine if the installation is affected
Use one of the below methods to find the CA Spectrum product version:
- CA OneClick Console: Click on Help -> About
- Open the Spectrum Console Panel on the SpectroServer and click on Help -> About
- On SpectroServer: Go to the Spectrum install directory, open the .installrc file and find the “VERSION”
Solution
CA Technologies published the following solutions to resolve the vulnerability.
CA Spectrum 10.1.x:
Apply 10.01.02.PTF_10.1.239
CA Spectrum 10.2.x:
Update to CA Spectrum 10.2.3
References
CVE-2018-6589 - CA Spectrum Denial of Service
Acknowledgement
CVE-2018-6589 - Francesco Scibetta
Change History
Version 1.0: 2018-05-01 - Initial Release
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.
CA Technologies security notices