受影响系统：
Computer Associates eTrust Security Command Center r8
Computer Associates eTrust Security Command Center r1
Computer Associates Unicenter Management Portal 3.1
Computer Associates Unicenter Management Portal 2.0
Computer Associates Unicenter Management Portal 11.0
Computer Associates BrightStor Portal 11.1
Computer Associates CleverPath Portal r4.71
Computer Associates CleverPath Portal r4.7
Computer Associates CleverPath Portal r4.51
Computer Associates CleverPath Aion BPM r10.2
Computer Associates CleverPath Aion BPM r10.1
Computer Associates CleverPath Aion BPM r10
Computer Associates Unicenter Database Management Portal r11.1
Computer Associates Unicenter Database Management Portal r11
Computer Associates Unicenter Enterprise Job Manager 3
Computer Associates Unicenter Enterprise Job Manager 11
Computer Associates Unicenter Argis Portfolio Asset Management 11

描述：
CleverPath Portal是一个安全、可扩展的企业信息门户，提供一个协作环境以及信息、应用和Web内容的整合视图。

CleverPath Portal在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞非授权访问数据库。

CleverPath Portal没有正确验证轻型搜索中的ofinterest参数及高级搜索中的description参数，如果攻击者修改了搜索URL中的上述参数的话，就可能导致发送非预期的数据库查询，检索整个数据库内容，具体取决于用户权限。

厂商补丁：
Computer Associates
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
http://supportconnect.ca.com/