Clarity Service Management

Tip: Receive "Proactive Notifications" for CA Service Management products

  • 1.  Tip: Receive "Proactive Notifications" for CA Service Management products

    Posted 01-17-2019 07:08 PM

    TIP

    A reminder to sign up for "Proactive Notifications" if you are managing a CA product.

     

    This email distribution list is used for important information, such as Hyper Notifications, like the current one attached to the end of this post.

     

    Note that the Proactive Notifications are the recommended way to be notified of these important updates, as typically the CA Service Management community does NOT double-post the same content here.

     

    STEPS

    CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

    Select "Critical Updates" (or more options) for your Products, and then "Submit" at the bottom right of the screen.

     

    OTHER

    The current patch for ITSM 17.1 Roll-up Patch 2 has been released. 

    It is recommended to go to the current patch version, rather than one just sufficient to meet the minimum requirements of a Hyper patch.

    CA Service Management 17.1 Roll-up Patch 2 (17.1.0.2) Released 

     

    Thanks! Kyle_R.

     

    ________________________________________________________________

    Example 

    From: ProactiveNotifications@ca.com

    CA - PROACTIVE NOTIFICATION - USRD - CRITICAL ALERT - CUSRD-100795

    January 17, 2019

     

    CA Service Desk Manager customers, please review the following security notice.

     

    For the latest version of this security notice, see

     

    CA20190117-01: Security Notice for CA Service Desk Manager

     

    CA20190117-01: Security Notice for CA Service Desk Manager

     

    Issued: January 17, 2019

    Last Updated: January 17, 2019

     

    CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain additional privileges. CA published solutions to address the vulnerabilities.

     

    The first vulnerability, CVE-2018-19634, is due to how survey access is implemented. A malicious actor can access and submit survey information without authentication.

     

    The second vulnerability, CVE-2018-19635, allows for a malicious actor to gain additional privileges.

     

    Risk Rating

    High

     

    Platform(s)

    All platforms

     

    Affected Products

    CA Service Desk Manager 14.1

    CA Service Desk Manager 17

     

    How to determine if the installation is affected

     

    CA Service Desk Manager r14.1:

    Versions prior to 14.1.05.1 are vulnerable.

     

    CA Service Desk Manager r17 Windows:

    Versions 17.1.0.1 and prior without the 17.1.0.1 language patch in the solution section are vulnerable

     

    CA Service Desk Manager r17 Linux:

    Versions prior to 17.1.0.2 are vulnerable

     

    Solution

    CA Technologies published the following solutions to address the vulnerabilities.

    CA Service Desk Manager r14.1:

    Update to CA Service Desk Manager 14.1.05.1. The rollup patches are available on the CA Service Desk Manager 14.1 Solutions & Patches page.

    Windows - SO05733

    Sun - SO05716

    Linux - SO05715

     

    CA Service Desk Manager R17 Linux:

    Update to 17.1.0.2 from the CA Service Desk Manager 17.1 Solutions & Patches page.

     

    CA Service Desk Manager R17 Windows:

    Update to 17.1.0.2. Alternatively, update to 17.1.0.1 and install the corresponding language patch for the Service Desk Manager installation. All fixes are available on the CA Service Desk Manager 17.1 Solutions & Patches page.

     

    Chinese - SO06055

    English - SO06036

    French - SO06051

    French Canadian - SO06039

    German - SO06037

    Italian - SO06052

    Japanese - SO06053

    Portuguese - SO06054

    Spanish - SO06038

     

    References

    CVE-2018-19634 - CA Service Desk Manager survey access

    CVE-2018-19635 - CA Service Desk Manager privilege escalation

     

    Acknowledgement

    CVE-2018-19634 and CVE-2018-19635 - Bui Duy Hiep

     

    Change History

    Version 1.0: 2019-01-17 - Initial Release

    CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

    Customers who require additional information about this notice may contact CA Technologies Support at http://support.ca.com/.

    To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.

     

    Copyright © 2019 Broadcom. All Rights Reserved. The term Broadcom refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

     

    To unsubscribe from this service, please follow the link below:
    https://support.ca.com/irj/portal/hyperSubscription

    ________________________________________________________________
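
The "How to determine if the installation is affected" rules from the notice quoted above, applied to an inventory; this is an added example, not part of the original post or CA's own tooling. The function names, platform labels and inventory rows are assumptions, and a Windows r17 install below 17.1.0.1 is treated as affected even if a language patch is reported, since the notice ties that patch to 17.1.0.1.

```python
# Added example: encodes only the version rules stated in CA20190117-01.
# The inventory rows below are constructed sample data, not real hosts.

def parse_version(text):
    """'14.1.05.1' -> (14, 1, 5, 1); leading zeros are ignored."""
    return tuple(int(part) for part in text.strip().split("."))


def sdm_status(version, platform, language_patch=False):
    """Return 'affected', 'not affected' or 'not covered' per the notice.

    platform: 'windows' or 'linux' (hypothetical labels, used for r17 only).
    language_patch: True if the 17.1.0.1 language patch is installed.
    """
    v = parse_version(version)
    if v[:2] == (14, 1):
        # r14.1, all platforms: versions prior to 14.1.05.1 are vulnerable.
        return "affected" if v < (14, 1, 5, 1) else "not affected"
    if v[0] == 17:
        # r17: 17.1.0.2 is the fixed level on both Windows and Linux.
        if v >= (17, 1, 0, 2):
            return "not affected"
        # Windows only: 17.1.0.1 plus its language patch is also a fix.
        if platform.lower() == "windows" and v == (17, 1, 0, 1) and language_patch:
            return "not affected"
        return "affected"
    # The notice lists only 14.1 and 17 as affected products.
    return "not covered"


# Constructed inventory: (host, version, platform, language patch installed)
INVENTORY = [
    ("sdm-a", "14.1.04", "linux", False),
    ("sdm-b", "14.1.05.1", "windows", False),
    ("sdm-c", "17.1.0.1", "windows", True),
    ("sdm-d", "17.1.0.1", "linux", True),
    ("sdm-e", "17.1.0.2", "linux", False),
    ("sdm-f", "12.9", "windows", False),
]


def triage(rows):
    """Map each host to its status under the notice's rules."""
    return {host: sdm_status(ver, plat, patch) for host, ver, plat, patch in rows}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```
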



  • 2.  Re: Tip: Receive "Proactive Notifications" for CA Service Management products

    Posted 01-18-2019 02:56 PM

    Thanks for sharing this tip with the community Kyle!
