製品・ソフトウェアに関する情報

JVN脆弱性詳細

CA Service Metric Analysis および Service Level Management の smmsnmpd サービスにおける任意のコマンドを実行される脆弱性

Title	CA Service Metric Analysis および Service Level Management の smmsnmpd サービスにおける任意のコマンドを実行される脆弱性
Summary	CA Service Metric Analysis および Service Level Management の smmsnmpd サービスは、アクセスを適切に制限しないため、任意のコマンドを実行される脆弱性が存在します。
Possible impacts	第三者により、任意のコマンドを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 7, 2009, midnight
Registration Date	Dec. 27, 2010, 10:34 a.m.
Last Update	Dec. 27, 2010, 10:34 a.m.

Affected System

CA Technologies

CA Service Level Management 3.5

CA Service Metric Analysis r11.0

CA Service Metric Analysis r11.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0043	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0043
National Vulnerability Database (NVD)
2	CVE-2009-0043	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0043

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
CA SUPPORT ONLINE
1	196148	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148

その他

No	Name	URL
SecurityFocus
1	33161	http://www.securityfocus.com/bid/33161
VUPEN Security
2	VUPEN/ADV-2009-0053	http://www.vupen.com/english/advisories/2009/0053

Change Log

No	Changed Details	Date of change
0	[2010年12月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0043

Summary	The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
Summary	El servicio smmsnmpd en CA Service Metric Analysis r11.0 hasta r11.1 SP1 y Service Level Management v3.5 no restringe el acceso adecuadamente, lo cual permite a atacantes remotos ejecutar comandos de su elección a través de vectores no especificados.
Publication Date	Jan. 9, 2009, 4:30 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ca:service_level_management:3.5:::::::*
cpe:2.3:a:ca:service_metric_analysis:r11.0:::::::*
cpe:2.3:a:ca:service_metric_analysis:r11.1:::::::*
cpe:2.3:a:ca:service_metric_analysis:r11.1:sp1::::::

Related information, measures and tools

No	URL	refsource
1	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx	cve@mitre.org
2	http://securityreason.com/securityalert/4887	cve@mitre.org
3	http://www.securityfocus.com/archive/1/499857/100/0/threaded	cve@mitre.org
4	http://www.securityfocus.com/bid/33161	cve@mitre.org
5	http://www.vupen.com/english/advisories/2009/0053	cve@mitre.org
6	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148	cve@mitre.org
7	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx	af854a3a-2127-422b-91ae-364da2661108
8	http://securityreason.com/securityalert/4887	af854a3a-2127-422b-91ae-364da2661108
9	http://www.securityfocus.com/archive/1/499857/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
10	http://www.securityfocus.com/bid/33161	af854a3a-2127-422b-91ae-364da2661108
11	http://www.vupen.com/english/advisories/2009/0053	af854a3a-2127-422b-91ae-364da2661108
12	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html