Vulnerabilities > CA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-28250 | Improper Privilege Management vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. | 7.8 |
| 2021-03-26 | CVE-2021-28249 | Untrusted Search Path vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | 8.8 |
| 2021-03-26 | CVE-2021-28247 | Cross-site Scripting vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). | 5.4 |
| 2019-05-28 | CVE-2019-7394 | Permissions, Privileges, and Access Controls vulnerability in CA Risk Authentication and Strong Authentication A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | 6.5 |
| 2019-05-28 | CVE-2019-7393 | Information Exposure vulnerability in CA Risk Authentication and Strong Authentication A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | 4.0 |
| 2019-01-22 | CVE-2018-19635 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | 7.5 |
| 2019-01-22 | CVE-2018-19634 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | 5.0 |
| 2018-08-30 | CVE-2018-13826 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 6.4 |
| 2018-08-30 | CVE-2018-13825 | Cross-site Scripting vulnerability in multiple products Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | 4.3 |
| 2018-08-30 | CVE-2018-13824 | SQL Injection vulnerability in multiple products Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | 7.5 |