CVE-2011-1654

critical

Description

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

References

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

https://exchange.xforce.ibmcloud.com/vulnerabilities/66726

http://www.zerodayinitiative.com/advisories/ZDI-11-126/

http://www.vupen.com/english/advisories/2011/0977

http://www.securityfocus.com/bid/47357

http://www.securityfocus.com/archive/1/517494/100/0/threaded

http://www.securityfocus.com/archive/1/517488/100/0/threaded

http://securitytracker.com/id?1025353

http://secunia.com/advisories/44097

Details

Source: Mitre, NVD

Published: 2011-04-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02443