Posted by Williams, Ken on Nov 10

CA20161109-02: Security Notice for CA Service Desk Manager

Issued: November 09, 2016

CA Technologies Support is alerting customers to a vulnerability in CA
Service Desk Manager (formerly CA Service Desk). A reflected cross site
scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM
parameter of the SDM web interface. A remote attacker, who can trick a
user into clicking on or visiting a specially crafted link, could…