CA Business Intelligence (CABI) experiences the "Microsoft Windows Unquoted Service Path Enumeration Vulnerability"

Article Id: 32387
Status: Published
Updated On: 14-02-2018 08:20
Legacy Id: TEC1243476
Products:
SUPPORT AUTOMATION- SERVER , CA Service Desk Manager - Unified Self Service , KNOWLEDGE TOOLS , CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager
Issue/Introduction:

Issue: 
A third party vulnerability scan shows that CABI services are vulnerable to "Microsoft Windows Unquoted Service Path Enumeration" and this is found to be because of service paths not quoted.

 

Unquoted service paths on BusinessObjects server are:

 

SVNSubversion : SAP BusinessObjects Enterprise XI 4.0\\subversion\svnserve.exe

 

BOEXI40BWPublisherService : SAP BusinessObjects Enterprise XI 4.0\win32_x86\bwcepubsvc.exe

 

 

 

Environment:  
Applies to both CABI 4.1 SP3 and CABI 4.1 SP5 used with CA Service Management 14.1

 

 

 

Resolution:

  1. Take backup of the CABI server registry

  2. Open REGEDIT as an OS Administrator and navigate to the following location:
    HKLM -> System -> Current Control Set -> Services 

  3. Search for the mentioned CABI service in the vulnerability report (i.e. BOEXI40BWPublisherService) and edit the 'Imagepath' value and service path to include quotes as follows:
    "D:\Program files (x86)\CA\CommonReporting4\SAP BusinessObjects Enterprise XI 4.0\win32_x86\bwcepubsvc.exe"

  4. Restart the CABI SIA service via the Central Configuration Manager (CCM)

 

Follow the same process for any other CABI service that has unquoted service path in the registry and is reported by a third party vulnerability scan.

 

 

Environment:

Release: SDMU0M99000-14.1-Service Desk Manager-Full License
Component: