Unicenter Remote Control 5.2/5.1/5.0 and ControlIT 5.1/5.0

1907

24 May 2019

24 May 2019

OPEN

The Computer Associates Technical Support team wishes to alert our customers about potential system security vulnerabilities that we have recently discovered regarding the following products.

Affected products:
Unicenter Remote Control 5.2
Unicenter Remote Control Option 5.1
Unicenter Remote Control Option German Version 5.1
Unicenter Remote Control Option 5.0
Control IT Enterprise Edition 5.1
Control IT Enterprise Edition 5.0
Control IT Advanced Edition 5.0

System Security Vulnerability

A security vulnerability exists in the products listed above. The vulnerability exists because the user interface of Host and Viewer indirectly allows any application to be run under the local system account. This gives an attacker very high privileges.

To exploit this vulnerability, the attacker would require direct or remote access to the computer's desktop.

In the worst case, the attacker could run the command prompt as local system providing privileges above those intended for the user.

A resolution to these problems has been published and we advise customers to apply the patch as advised by the table below:

Unicenter Remote Control 5.2 QO48406
Unicenter Remote Control Option 5.1 QO48410
Unicenter Remote Control Option German Version 5.1 QO48411
Unicenter Remote Control Option 5.0 QO48412
Control IT Enterprise Edition 5.1 QO48413
Control IT Enterprise Edition 5.0 QO48415
Control IT Advanced Edition 5.0 QO48416