Description
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Michel Arboi · textremotewindows
https://www.exploit-db.com/exploits/32711
References (6)
Core 6
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33161
Patch x_refsource_confirm
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148
Vendor Advisory x_refsource_confirm
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4887
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499857/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0053
Scores
EPSS
0.5080
EPSS Percentile
97.9%
Details
CWE
CWE-264
Status
published
Products (3)
ca/service_level_management
3.5
ca/service_metric_analysis
r11.0
ca/service_metric_analysis
r11.1 (2 CPE variants)
Published
Jan 08, 2009
Tracked Since
Feb 18, 2026