Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1655


Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1655
Last Modified 20 Apr 2011 12:00:00
Published 18 Apr 2011 11:00:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

Vulnerable Systems


  • Ca Total Defense R12


CONFIRM -{CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

XF - totaldefense-uncsw-code-execution(66727)


VUPEN - ADV-2011-0977

BID - 47356

BUGTRAQ - 20110413 CA20110413-01: Security Notice for CA Total Defense

BUGTRAQ - 20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

SECTRACK - 1025353

SECUNIA - 44097

Last Updated: 27 May 2016 10:56:23