CVE-2015-2828 Information

Description

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects which allows remote authenticated users to obtain administrative privileges via crafted object data.

Reference

http://packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx http://www.securityfocus.com/archive/1/535205/100/0/threaded http://www.securityfocus.com/bid/73957