-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20180501-01: Security Notice for CA Spectrum Issued: May 1st, 2018 Last Updated: May 1st, 2018 CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability. The vulnerability, CVE-2018-6589, occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability. Risk Rating CVE Identifier Risk Rating CVE-2018-6589 High Platform(s) All Affected Products CA Spectrum 10.1.x CA Spectrum 10.2.x Unaffected Products CA Spectrum 10.2.3 How to determine if the installation is affected Use one of the below methods to find the CA Spectrum product version: 1. CA OneClick Console: Click on Help -> About 2. Open the Spectrum Console Panel on the SpectroServer and click on Help -> About 3. On SpectroServer: Go to the Spectrum install directory, open the .installrc file and find the "VERSION" Solution CA Technologies published the following solutions to resolve the vulnerability. CA Spectrum 10.1.x: Apply 10.01.02.PTF_10.1.239 CA Spectrum 10.2.x: Update to CA Spectrum 10.2.3 References CVE-2018-6589 - CA Spectrum Denial of Service Acknowledgement CVE-2018-6589 - Francesco Scibetta Change History Version 1.0: Initial Release Customers who require additional information about this notice may contact CA Technologies Support at https://support.ca.com/ To report a suspected vulnerability in a CA Technologies product, please send a summary to CA Technologies Product Vulnerability Response at vuln <AT> ca.com Security Notices and PGP key support.ca.com/irj/portal/anonymous/phpsbpldgpg www.ca.com/us/support/ca-support-online/documents.aspx?id=177782 Regards, Kevin Kotas Vulnerability Response Director CA Technologies Product Vulnerability Response Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY 10022. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Charset: utf-8 wsFVAwUBWuiPK8Mr2sgsME5lAQrSFw/+ODt5YOFxRR5DpqYceXD+632QlKciImVE 11weVg55o11K7ZvLuQfKvfOl1C0DIwXuiwsCg29EdVGaoSYYhXHeHBw7k3tYhGLp eea45ha0ZPBtl31IYZbloyOZtCOG1RwZFiHXoC8YnBC4Y0MSeY3pwGCKzSlgvkMg mqYw+s9nRr24hO6cSWYLQAgxtvjL3b/oX5UMbCiAlzBg7oVkiAqvjnka4f+fY4+r 2HzH05vy0JFD7hTVRROUimlZ3yy2HjbWj/UHcCZdm/5q5qrIVMHnIK3jfV7TjF90 +neTCG2xUR+0Xd9KBct2hqRtvEH1kiJ8stWx7zDhTaRUjQVBVfG3gizE+MCDljrN ngj8K2uOw8cvDBrj2n8rR7QZ5x8LrfTMs3yMW4ori+RYlWK1GkI/jRi4Y6qJLSrk +rrlEPxGR0P74eWAgNvZPka1M92D8zpBUvIIbnZLJMGkIdf5/cmDvCwxP0dQzO16 DrbdffuTUNyS4DdpglFoTKNYq2hN3KJgkiJLdp8kekDlflSG5BRP5t9vpJZkxcfX DywbVRkPgf9wJyvqweaDBAU3CI4Z8KlifbuPiO0pbv85tO602zUlWs00BaLp3b9a 75UTWUVTrJ75sgbNbMrHq/JZ/nZPvEapXkMU/Ka5Dw/6AXb6Dc7kWTA0XXNDBpe6 dLWBxdURIKg= =QbR0 -----END PGP SIGNATURE-----
