CA.UIM.download_lar.jsp.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a Directory Traversal vulnerability in CA Unified Infrastructure Management.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to download_lar.jsp. A remote attacker can exploit this to download arbitrary file from the target server via a crafted request.

affected-products-logoAffected Products

CA Unified Infrastructure Management prior to r8.4 SP2
CA Unified Infrastructure Management Snap prior to r8.4 SP2

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)