Vulnerabilities > CA

DATE CVE VULNERABILITY TITLE RISK
2018-03-29 CVE-2018-6586 Cross-site Scripting vulnerability in CA API Developer Portal 3.5
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
network
low complexity
ca CWE-79
6.1
2017-11-14 CVE-2017-9394 Cross-site Scripting vulnerability in CA Identity Governance 12.6.0
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
network
low complexity
ca CWE-79
5.4
2017-09-22 CVE-2017-9393 Information Exposure vulnerability in CA products
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
network
low complexity
ca CWE-200
critical
9.8
2017-05-06 CVE-2017-8391 Incorrect Permission Assignment for Critical Resource vulnerability in CA Client Automation R12.9/R14.0
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
local
low complexity
ca CWE-732
5.5
2017-03-20 CVE-2016-9165 Information Exposure vulnerability in CA products
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
network
low complexity
ca CWE-200
7.5
2017-03-07 CVE-2016-9164 Path Traversal vulnerability in CA Unified Infrastructure Management
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
ca CWE-22
7.5
2017-03-07 CVE-2016-9148 Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
network
low complexity
ca CWE-79
6.1
2017-01-27 CVE-2016-9795 Improper Input Validation vulnerability in multiple products
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
local
low complexity
broadcom ca CWE-20
7.8
2017-01-18 CVE-2016-10086 Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
network
low complexity
ca CWE-264
8.1
2016-07-26 CVE-2016-6152 CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
network
low complexity
ca broadcom
8.8