CVE-2018-13824
📋 TL;DR
This SQL injection vulnerability in CA PPM allows remote attackers to execute arbitrary SQL commands through insufficient input sanitization of two parameters. Attackers could potentially read, modify, or delete database content, affecting CA PPM versions 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below.
💻 Affected Systems
- CA PPM (Project and Portfolio Management)
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the CA PPM database, allowing data theft, modification, or deletion, and potential privilege escalation to execute operating system commands.
Likely Case
Unauthorized access to sensitive business data stored in the PPM database, including project information, financial data, and user credentials.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification privileges.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The CVSS 9.8 score indicates critical severity with network access and no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply patches as specified in CA Security Notice CA20180829-01
Vendor Advisory: https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html
Restart Required: Yes
Instructions:
1. Review CA Security Notice CA20180829-01.
2. Download appropriate patches from CA Support.
3. Apply patches following CA documentation.
4. Restart CA PPM services.
5. Verify patch application.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy WAF with SQL injection rules to block malicious requests
Network Segmentation
Restrict network access to CA PPM to only trusted sources
🧯 If You Can't Patch
- Implement strict input validation at the application layer
- Apply database-level security controls and limit user permissions
🔍 How to Verify
Check if Vulnerable:
Check CA PPM version against affected versions list. If running affected version, assume vulnerable.
Check Version:
Check version in CA PPM administration interface or consult CA documentation for version check commands.
Verify Fix Applied:
Verify patch installation through CA PPM administration console and confirm version is no longer in affected range.
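The version check described above can be scripted for an inventory of instances. The following is an added example, not code from CA or from this page's source. It assumes version strings of the form `MAJOR.MINOR` with an optional `CPn` suffix, treats 14.4 and 15.1 as affected at any CP level because the page gives no CP bound for them, and uses constructed host names and versions.

```python
import re

# Affected ranges transcribed from the TL;DR of this page.
# Value = highest affected cumulative patch (CP) level; None = any CP level
# (assumption: the page lists 14.4 and 15.1 without a CP bound).
AFFECTED_MAX_CP = {(14, 4): None, (15, 1): None, (15, 2): 5, (15, 3): 2}
OLDEST_BOUND = (14, 3)  # "14.3 and below"

# Assumed input format, e.g. "15.2 CP5" or "14.3"; not taken from CA documentation.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*CP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), cp_level); a missing CP suffix counts as CP 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m[1]), int(m[2])), int(m[3] or 0)


def is_affected(text):
    """True if the version falls inside the affected list for CVE-2018-13824."""
    release, cp = parse_version(text)
    if release <= OLDEST_BOUND:
        return True
    if release not in AFFECTED_MAX_CP:
        return False
    max_cp = AFFECTED_MAX_CP[release]
    return max_cp is None or cp <= max_cp


def triage(inventory):
    """Map each host to 'affected', 'not in affected list' or 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            affected = is_affected(version)
            result[host] = "affected" if affected else "not in affected list"
        except ValueError:
            # Fail closed: an unreadable version needs a manual check.
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {"ppm-prod": "15.2 CP4", "ppm-test": "15.3 CP3",
              "ppm-legacy": "14.2", "ppm-dr": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` should be checked by hand rather than assumed safe.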
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts with SQL-like patterns
- Unexpected database errors in application logs
Network Indicators:
- HTTP requests containing SQL keywords (SELECT, UNION, etc.) to CA PPM endpoints
- Unusual database connection patterns
SIEM Query:
source="*ca_ppm*" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE") AND status=200
🔗 References
- http://www.securityfocus.com/bid/105297
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html