CVE-2018-13826
CRITICALBroadcom Project Portfolio Management < 14.3 - XXE
Title source: ruleDescription
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105297
Patch, Vendor Advisory x_refsource_confirm
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html
Scores
CVSS v3
9.1
EPSS
0.0038
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-611
Status
published
Products (5)
broadcom/project_portfolio_management
14.4
broadcom/project_portfolio_management
15.1
broadcom/project_portfolio_management
< 14.3
ca/project_portfolio_management
15.2 cp5
ca/project_portfolio_management
15.3 cp2
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026