Multiple CA Service Management Products - Remote Command Execution

Related Vulnerabilities: CVE-2009-0043  
Publish Date: 07 Jan 2009
Author: Michel Arboi

Multiple CA Service Management products are prone to a vulnerability that remote attackers can leverage to execute arbitrary commands. The issue results from insufficient access restrictions.

Successful attacks can compromise the affected application and possibly the underlying computer.

The following applications are vulnerable:

Service Metric Analysis 11.0, 11.1, and 11.1 SP1
Service Level Management 3.5

Submitting the following command through netcat or telnet is sufficient to exploit this issue:

[ipconfig /all]