Vulnerabilities > CA

DATE CVE VULNERABILITY TITLE RISK
2018-08-30 CVE-2018-13823 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
network
low complexity
broadcom ca CWE-611
5.0
2018-08-30 CVE-2018-13822 Insufficiently Protected Credentials vulnerability in CA Project Portfolio Management
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
network
low complexity
ca CWE-522
5.0
2018-08-30 CVE-2018-13821 Improper Authentication vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
network
low complexity
ca CWE-287
7.5
2018-08-30 CVE-2018-13820 Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
network
low complexity
ca CWE-798
5.0
2018-08-30 CVE-2018-13819 Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
network
low complexity
ca CWE-798
5.0
2018-06-18 CVE-2018-9027 Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
network
ca CWE-79
4.3
2018-05-01 CVE-2018-6589 Unspecified vulnerability in CA Spectrum
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
ca
7.5
2018-04-11 CVE-2018-8954 Improper Input Validation vulnerability in CA Workload Control Center
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
network
low complexity
ca CWE-20
7.5
2018-04-11 CVE-2018-8953 SQL Injection vulnerability in CA Workload Automation AE
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
network
low complexity
ca CWE-89
6.5
2018-03-29 CVE-2018-6588 Cross-site Scripting vulnerability in CA API Developer Portal 3.5
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
network
low complexity
ca CWE-79
6.1