Privileged Access Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-26	CVE-2019-7392	Improper Authentication vulnerability in Broadcom Privileged Access Manager An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. network low complexity broadcom CWE-287 critical	9.1
2018-06-18	CVE-2018-9029	SQL Injection vulnerability in Broadcom Privileged Access Manager An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. network low complexity broadcom CWE-89 critical	9.8
2018-06-18	CVE-2018-9028	Inadequate Encryption Strength vulnerability in Broadcom Privileged Access Manager Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. network low complexity broadcom CWE-326	7.5
2018-06-18	CVE-2018-9026	Session Fixation vulnerability in Broadcom Privileged Access Manager A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. network low complexity broadcom CWE-384	7.5
2018-06-18	CVE-2018-9025	Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. network low complexity broadcom CWE-20	7.5
2018-06-18	CVE-2018-9024	Improper Authentication vulnerability in Broadcom Privileged Access Manager An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. network low complexity broadcom CWE-287	5.3
2018-06-18	CVE-2018-9023	Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. network low complexity broadcom CWE-20	8.8
2018-06-18	CVE-2018-9022	Improper Privilege Management vulnerability in Broadcom Privileged Access Manager An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. network low complexity broadcom CWE-269 critical	9.8
2018-06-18	CVE-2018-9021	Improper Privilege Management vulnerability in Broadcom Privileged Access Manager An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. network low complexity broadcom CWE-269 critical	9.8
2018-06-18	CVE-2015-4664	Improper Input Validation vulnerability in multiple products An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. network low complexity broadcom xceedium CWE-20 critical	9.8