All CA Spectrum releases prior to Spectrum 10.2.3 are suspect for the vulnerability.
CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability.
The vulnerability, CVE-2018-6589, occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.
Risk Rating: CVE-2018-6589 High
Platforms affected: All
Affected GA Releases:
CA Spectrum 10.1.x
CA Spectrum 10.2.x prior to Spectrum 10.2.3
If you are running any release other than Spectrum 10.2.3, you need to verify the release level and patch level of all your SpectroSERVERs and OneClick web servers to ensure they are not at risk.
CA Technologies has published the following solutions to resolve this vulnerability.
Note: When applying the patch, all SpectroSERVERs and OneClick servers will need to be patched.
Upgrading to Spectrum 10.2.3 will also address this issue.
For more information see:
CA20180501-01 - Security Notice for CA SPECTRUM