Description
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297
Scores
CVSS v3
8.8
EPSS
0.0129
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1236
Status
published
Products (4)
broadcom/ca_harvest_software_change_manager 13.0.3
broadcom/ca_harvest_software_change_manager 13.0.4
broadcom/ca_harvest_software_change_manager 14.0.0
broadcom/ca_harvest_software_change_manager 14.0.1
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026