CVE-2018-13826

CRITICAL

Broadcom Project Portfolio Management < 14.3 - XXE

Title source: rule

Description

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105297

[Patch, Vendor Advisory] https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html

Scores

CVSS v3 9.1

EPSS 0.0040

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-611

Status published

Affected Products (5)

broadcom/project_portfolio_management < 14.3

broadcom/project_portfolio_management

ca/project_portfolio_management

Timeline

Published Aug 30, 2018

Tracked Since Feb 18, 2026