{"containers": {"cna": {"affected": [{"product": "PPM", "vendor": "CA Technologies", "versions": [{"status": "affected", "version": "15.3 and earlier"}]}], "datePublic": "2018-08-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information."}], "problemTypes": [{"descriptions": [{"description": "XML External Entity (XXE)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-08T09:57:01.000Z", "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "shortName": "ca"}, "references": [{"name": "105297", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105297"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@ca.com", "DATE_PUBLIC": "2018-08-29T00:00:00", "ID": "CVE-2018-13823", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PPM", "version": {"version_data": [{"version_value": "15.3 and earlier"}]}}]}, "vendor_name": "CA Technologies"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XML External Entity (XXE)"}]}]}, "references": {"reference_data": [{"name": "105297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105297"}, {"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html", "refsource": "CONFIRM", "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:14:47.256Z"}, "title": "CVE Program Container", "references": [{"name": "105297", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105297"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"}]}]}, "cveMetadata": {"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "assignerShortName": "ca", "cveId": "CVE-2018-13823", "datePublished": "2018-08-30T14:00:00.000Z", "dateReserved": "2018-07-10T00:00:00.000Z", "dateUpdated": "2024-09-16T16:38:07.040Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E2B0528-B1EB-421D-BB2D-88D6B32E798B", "versionEndIncluding": "14.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:14.4:*:*:*:*:*:*:*", "matchCriteriaId": "B0ADEFB0-9DFF-4F7C-B23B-5BDEC0DF9CED", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "78CE337F-8A8B-47E4-8E23-1DF13CC1591E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:project_portfolio_management:15.2:cp5:*:*:*:*:*:*", "matchCriteriaId": "9E5E2436-DAA7-4C4D-89DB-F9D6BDC292DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:project_portfolio_management:15.3:cp2:*:*:*:*:*:*", "matchCriteriaId": "4705AC24-8C61-4B2C-85C0-98D17366CA23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos accedan a informaci\u00f3n sensible."}], "id": "CVE-2018-13823", "lastModified": "2024-11-21T03:48:09.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-30T14:29:01.063", "references": [{"source": "vuln@ca.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105297"}, {"source": "vuln@ca.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"}], "sourceIdentifier": "vuln@ca.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}