Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-06 CVE-2016-3118 Unspecified vulnerability in Broadcom API Gateway
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
network
low complexity
broadcom
6.4
2016-03-24 CVE-2015-6854 Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
network
low complexity
broadcom CWE-345
6.4
2016-03-24 CVE-2015-6853 Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
network
low complexity
broadcom CWE-345
6.4
2015-06-17 CVE-2015-3316 CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
local
low complexity
broadcom ca
4.6
2015-01-21 CVE-2014-9225 Information Exposure vulnerability in multiple products
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
network
low complexity
broadcom symantec CWE-200
4.0
2015-01-21 CVE-2014-7289 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
network
low complexity
broadcom symantec CWE-89
6.5
2014-12-16 CVE-2014-8248 SQL Injection vulnerability in Broadcom Release Automation 4.7.1
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
network
low complexity
broadcom CWE-89
6.5
2014-12-16 CVE-2014-8247 Cross-Site Scripting vulnerability in Broadcom Release Automation 4.7.1
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
broadcom CWE-79
4.3
2014-12-16 CVE-2014-8246 Cross-Site Request Forgery (CSRF) vulnerability in Broadcom Release Automation 4.7.1
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
broadcom CWE-352
6.8
2014-09-29 CVE-2014-6799 Cryptographic Issues vulnerability in Broadcom Investigation Tool 1.0.0
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4