CVE-2022-22689

HIGH

CA Harvest Software Change Manager <14.0.2 - RCE

Title source: llm

Description

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.

Scores

CVSS v3 8.8
EPSS 0.0138
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-1236
Status published
Products (4)
broadcom/ca_harvest_software_change_manager 13.0.3
broadcom/ca_harvest_software_change_manager 13.0.4
broadcom/ca_harvest_software_change_manager 14.0.0
broadcom/ca_harvest_software_change_manager 14.0.1
Published Feb 04, 2022
Tracked Since Feb 18, 2026