Computer Associates XOsoft Multiple Flaws (CA20100406) (credentialed check)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple vulnerabilities.

Description :

XOsoft, a product from Computer Associates for combined business
continuity and disaster recovery, is installed on the remote Windows
host.

According to its version, it is affected by several vulnerabilities:

- By sending a specially crafted SOAP request, it may be
  possible for an unauthenticated attacker to enumerate
  users on the remote system. (CVE-2010-1221)

- By sending a specially crafted SOAP request, it may be
  possible for an unauthenticated attacker to gain
  sensitive information from the remote system.
  (CVE-2010-1222)

- By sending a specially crafted request, it may be
  possible for an attacker to execute arbitrary code on
  the remote system within the context of the service or
  trigger a denial of service condition. (CVE-2010-1223)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-065
http://www.zerodayinitiative.com/advisories/ZDI-10-066
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
http://seclists.org/fulldisclosure/2010/Apr/82

Solution :

Apply vendor-supplied patches.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 45503 (ca_xosoft_multiple_flaws.nasl)

Bugtraq ID: 39238, 39244, 39249

CVE ID: CVE-2010-1221, CVE-2010-1222, CVE-2010-1223
