CVE-2022-22689

EPSS 1.3% | CWE-1236
In short

A privileged user can inject malicious commands through the CSV export feature in CA Harvest Software Change Manager due to weak input validation. This allows them to execute arbitrary code on the system.

Technical detail

The CSV export functionality in CA Harvest Software Change Manager (versions 13.0.3, 13.0.4, 14.0.0, 14.0.1) fails to properly validate user input, enabling command injection attacks. A privileged user can craft specially formatted data that, when exported to CSV, executes arbitrary system commands with application privileges.

Summary generated and translated by AI from the official description.
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
