Unicenter Remote Control 6.0 and 6.0 SP1 Potential Security Risk
1908
24 May 2019
24 May 2019
OPEN
The Computer Associates Technical Support team wishes to alert our customers to a security hole that may affect the administration of a centrally managed Unicenter Remote Control Enterprise. We recently discovered this security hole in the following products:
Affected Products:
Unicenter Remote Control 6.0 English Service Pack 1 (Build 6.0.77)
Unicenter Remote Control 6.0 English QO48974 (Build 6.0.74)
Unicenter Remote Control 6.0 English GA (6.0.56.3)
Unicenter Remote Control 6.0 French Service Pack 1 (Build 6.0.77)
Unicenter Remote Control 6.0 French GA (Build 6.0.74)
Unicenter Remote Control 6.0 German Service Pack 1 (Build 6.0.77)
Unicenter Remote Control 6.0 German GA (Build 6.0.74)
Affected Components:
Unicenter Remote Control Management Console
Unicenter Remote Control Management Server
Affected Operating Systems:
Win NT, Win 2000, Win XP, Win 2003
A Unicenter Remote Control (URC) Management Console version 6.0 SP1 may allow any user who has been authenticated by the underlying operating system to connect to another URC 6.0 Management Server. This may allow unauthorized users to administer and configure the Remote Control Enterprise managed by that Management Server.
A solution to this problem is available. It addresses the problem in two ways:
A) It ensures that login to a URC 6.0 Management Server is correctly authenticated and allows access to the server according to the granted permissions.
B) It secures existing URC 6.0 Management Servers against potential security breaches from an unpatched URC 6.0 SP1 Management Console.
Steps to be taken:
Patch all URC 6.0 Management Servers and Management Consoles with the appropriate fix detailed below:
QO59115 - Unicenter Remote Control 6.0 English Service Pack 1 (Build 6.0.77)
QO59132 - Unicenter Remote Control 6.0 English QO48974 (Build 6.0.74)
QO59133 - Unicenter Remote Control 6.0 English GA (6.0.56.3)
QO59136 - Unicenter Remote Control 6.0 French Service Pack 1 (Build 6.0.77)
QO59137 - Unicenter Remote Control 6.0 French GA (Build 6.0.74)
QO59134 - Unicenter Remote Control 6.0 German Service Pack 1 (Build 6.0.77)
QO59135 - Unicenter Remote Control 6.0 German GA (Build 6.0.74)