Intrusion Prevention

CA.TotalDefenseSuite.UNCWS.Multiple.SP.SQL.Injection

Description

This indicates an attack attempt against a Stored Procedure SQL Injection vulnerability in CA Total Defense Suite UNCWS.
The vulnerability is a result of the failure of some methods to properly sanitize user input parameters. It may allow an attacker to execute arbitrary commands on a vulnerable system by injecting arbitrary SQL statements into stored procedures.

Affected Products

CA Total Defense Suite r12 prior to r12 SE2.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References

CVE-2011-1653