Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2015-06-17 CVE-2015-3316
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
local | low complexity | broadcom ca | 4.6
2015-04-08 CVE-2015-2828 Permissions, Privileges, and Access Controls vulnerability in Broadcom Spectrum 9.2/9.3
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.
network | low complexity | broadcom CWE-264 | critical | 9.0
2015-04-08 CVE-2015-2827 Cross-site Scripting vulnerability in Broadcom Spectrum 9.2/9.3
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network | broadcom CWE-79 | 3.5
2015-01-21 CVE-2014-9226 Permissions, Privileges, and Access Controls vulnerability in multiple products
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
local | low complexity | broadcom symantec CWE-264 | 7.2
2015-01-21 CVE-2014-9225 Information Exposure vulnerability in multiple products
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
network | low complexity | broadcom symantec CWE-200 | 4.0
2015-01-21 CVE-2014-9224 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5
2015-01-21 CVE-2014-7289 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
network | low complexity | broadcom symantec CWE-89 | 6.5
2015-01-21 CVE-2014-3440 Improper Input Validation vulnerability in multiple products
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
network | low complexity | broadcom symantec CWE-20 | critical | 9.0
2014-12-16 CVE-2014-8248 SQL Injection vulnerability in Broadcom Release Automation 4.7.1
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
network | low complexity | broadcom CWE-89 | 6.5
2014-12-16 CVE-2014-8247 Cross-Site Scripting vulnerability in Broadcom Release Automation 4.7.1
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | broadcom CWE-79 | 4.3