CA20160721-01: Security Notice for CA eHealth
1840
07 July 2020
24 May 2019
OPEN
Issued: July 21, 2016
Last Updated: July 21, 2016
CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface, CVE-2016-6151 and CVE-2016-6152, that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.
Risk Rating
CVE Identifier | Risk | Vulnerable Releases |
CVE-2016-6151 | High | 6.2.x |
CVE-2016-6152 | High | 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x |
Platform(s)
All
Affected Products
CA eHealth 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x
How to determine if the installation is affected
Customers may check the build number by running the nhShowRev command
If the installed product Fix build is less than the release in the below table, the installation is vulnerable.
Product release | Fix build |
CA eHealth 6.2.x, 6.3.x | 6.3.2.13 |
Solution
For all releases of CA eHealth, update to version 6.3.2.13 or later to resolve these vulnerabilities.
References
CVE-2016-6151 - CA eHealth 6.2.x remote denial of service/command execution
CVE-2016-6152 - CA eHealth 6.2.x, 6.3.x remote denial of service/command execution
Acknowledgement
CVE-2016-6151, CVE-2016-6152 - Ben Lincoln, NCC Group
Change History
Version 1.0: Initial Release
A notification about this security notice will be sent to customers who are subscribed to Proactive Notifications.
If additional information is required, please contact CA Technologies Support at http://support.ca.com/.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.