CVE-2008-4119

Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/09/25.aspx
http://secunia.com/advisories/32038	Vendor Advisory
http://securityreason.com/securityalert/4318
http://www.securityfocus.com/archive/1/496755/100/0/threaded
http://www.securityfocus.com/bid/31412
http://www.securitytracker.com/id?1020949
http://www.vupen.com/english/advisories/2008/2673
https://exchange.xforce.ibmcloud.com/vulnerabilities/45416
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:service_desk:11.2:::::::*
	cpe:2.3:a:ca:cmdb:11.0:::::::*
	cpe:2.3:a:ca:cmdb:11.1:::::::*
	cpe:2.3:a:ca:cmdb:11.2:::::::*

History

No history.

Information

Published : 2008-09-27 10:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-4119

Mitre link : CVE-2008-4119

CVE.ORG link : CVE-2008-4119

JSON object : View

Products Affected

ca

cmdb

broadcom

service_desk

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-4119", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-09-27T10:30:03.350", "references": [{"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/09/25.aspx", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32038", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4318", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/496755/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31412", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020949", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2673", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45416", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"multiple web forms.\""}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en CA Service Desk v11.2 y CMDB v11.0 hasta v11.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados implicando a \"m\u00faltiples formas web\"."}], "lastModified": "2021-04-09T18:54:06.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:service_desk:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE05D81-FD7C-41D4-9FA7-42214110FBE3"}, {"criteria": "cpe:2.3:a:ca:cmdb:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F5ED43-DF93-4A8E-8D15-5115339806DA"}, {"criteria": "cpe:2.3:a:ca:cmdb:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2EAFA0C-9992-42F3-A3A4-F37BB89E5567"}, {"criteria": "cpe:2.3:a:ca:cmdb:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE5CAD0-D95F-4927-9B9F-6432C968D507"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}