CVE-2018-13824
CRITICALBroadcom Project Portfolio Management < 14.3 - SQL Injection
Title source: ruleDescription
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105297
Patch, Vendor Advisory x_refsource_confirm
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html
Scores
CVSS v3
9.8
EPSS
0.0067
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (5)
broadcom/project_portfolio_management
14.4
broadcom/project_portfolio_management
15.1
broadcom/project_portfolio_management
< 14.3
ca/project_portfolio_management
15.2 cp5
ca/project_portfolio_management
15.3 cp2
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026