CVE-2018-13824

CRITICAL

Broadcom Project Portfolio Management < 14.3 - SQL Injection

Title source: rule

Description

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105297

[Patch, Vendor Advisory] https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html

Scores

CVSS v3 9.8

EPSS 0.0071

EPSS Percentile 71.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (5)

broadcom/project_portfolio_management < 14.3

broadcom/project_portfolio_management

ca/project_portfolio_management

Timeline

Published Aug 30, 2018

Tracked Since Feb 18, 2026