Access control, Authorization error, Authorization profile, Manage security sessions securely, Session fixation.
CA Productivity Accelerator Manager 13.0, 13.1, 14.1, 14.3, 14.4, 14.5, 14.6
Due to insecure session management, CA Productivity Accelerator Manager (server component) allows an unauthenticated attacker to gain access to user accounts. On successful exploitation, an attacker can view or modify user data, causing limited impact on the confidentiality and integrity of the application.
Fixed in the CA Productivity Accelerator 15.0 release.
Data sanitization to take care of all scenarios leading to unauthorized and invalid session requests.
Action:
Please upgrade your installed CA Productivity Accelerator Manager instance to at least 15.0.