CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ca_harvest_software_change_manager | Broadcom | 13.0.3 (including) | 13.0.3 (including) |
Ca_harvest_software_change_manager | Broadcom | 13.0.4 (including) | 13.0.4 (including) |
Ca_harvest_software_change_manager | Broadcom | 14.0.0 (including) | 14.0.0 (including) |
Ca_harvest_software_change_manager | Broadcom | 14.0.1 (including) | 14.0.1 (including) |