Vulnerabilities > CA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-13823 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 7.5 |
| 2018-08-30 | CVE-2018-13821 | Improper Authentication vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | 9.8 |
| 2018-08-30 | CVE-2018-13820 | Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 |
| 2018-08-30 | CVE-2018-13819 | Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 |
| 2018-06-18 | CVE-2018-9027 | Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0 A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 6.1 |
| 2018-05-01 | CVE-2018-6589 | Unspecified vulnerability in CA Spectrum CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2018-04-11 | CVE-2018-8954 | Improper Input Validation vulnerability in CA Workload Control Center CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | 9.8 |
| 2018-04-11 | CVE-2018-8953 | SQL Injection vulnerability in CA Workload Automation AE CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | 8.8 |
| 2018-03-29 | CVE-2018-6588 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 |
| 2018-03-29 | CVE-2018-6587 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 6.1 |