TDM 4.8.1 vulnerabilities


Article ID: 190972


Updated On:


CA Test Data Manager (Data Finder / Grid Tools)



Our security IT department made an investigation into our TDM platform (4.8.1) and they found 2 issues.

1) Errors and messages with technical information useful for attackers

The application shows information useful to attackers through messages delivered to end users. This allows an attacker to learn more about the platform.

Image 1: Web service version

Image 2: Response returned from the server and its internal path where the portal is located

Image platform and internal paths


2) Nonexistence of validations on the server

During the security test they found that not all of the functionality's entry points are validated on the server. This allows strange characters to be sent and the response to be true, or the server does not properly clean the inputs. The security IT team recommends validating on both the client and server side to prevent triggering other vulnerabilities.


Image 4: Request and original answer

Image: Request with the logical operator “not equal to”, which shows all the request

Image 6: Modifying the query can show all the content from the table

More information about the issue on: ,


Release : 4.8

Component : CA Test Data Manager


Thank you for the list provided. We have created a User Story (DE459723 converted to US671570) that you can follow with new releases. These enhancements/User Stories are reviewed by our Product Manager and moved into Releases as time permits. If this becomes a Priority in the future, please create a new case and request the status of the User Story US671570 so support can ask the PM.
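
The two findings reported above (technical detail in user-facing messages, and filters that are not validated on the server) can be illustrated with a short sketch of the server-side controls the security team recommends. This is an added example, not code from CA Test Data Manager or from the original article; the `items` table, the `search` function, the field and operator names, and the `portal` logger are all hypothetical.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("portal")  # hypothetical logger name

# Server-side allow-lists: the client picks from these and never supplies SQL text.
ALLOWED_FIELDS = {"name", "status"}
ALLOWED_OPS = {"eq": "=", "ne": "<>"}


def make_db():
    """Constructed sample table standing in for the portal's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (owner TEXT, name TEXT, status TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)", [
        ("alice", "job-a", "done"), ("alice", "job-b", "new"),
        ("bob", "job-c", "done"),
    ])
    return db


def search(db, user, field, op, value):
    """Validate the filter on the server, then run it scoped to the caller."""
    try:
        if field not in ALLOWED_FIELDS or op not in ALLOWED_OPS:
            raise ValueError(f"rejected filter field={field!r} op={op!r}")
        if not isinstance(value, str) or len(value) > 64 or not value.isprintable():
            raise ValueError("rejected filter value")
        # Identifiers come from the allow-lists; data is bound as parameters.
        # The owner predicate is always applied, so a "not equal" filter
        # cannot widen the result beyond the caller's own rows.
        sql = (f"SELECT name, status FROM items "
               f"WHERE owner = ? AND {field} {ALLOWED_OPS[op]} ?")
        rows = db.execute(sql, (user, value)).fetchall()
        return {"ok": True, "rows": rows}
    except (ValueError, sqlite3.Error) as exc:
        # Detail (exception text, SQL, paths) goes to the server log only;
        # the client gets a generic message and a reference for support.
        ref = uuid.uuid4().hex[:8]
        log.warning("search failed ref=%s user=%s: %s", ref, user, exc)
        return {"ok": False, "error": "Invalid request", "ref": ref}
```

The reference returned to the client lets support find the full detail in the server log without exposing versions or internal paths in the response.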