CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
http://www.securityfocus.com/bid/39249
http://www.securityfocus.com/archive/1/510564/100/0/threaded