Vulnerabilities > CA
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-26 | CVE-2016-6152 | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | 9.0 |
2016-07-26 | CVE-2016-6151 | Command Injection vulnerability in CA Ehealth 6.2/6.2.1/6.2.2 CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | 9.0 |
2015-06-17 | CVE-2015-3318 | Improper Input Validation vulnerability in CA products CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors. | 4.6 |
2015-06-17 | CVE-2015-3317 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CA products CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. | 4.6 |
2015-06-17 | CVE-2015-3316 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. | 4.6 |
2014-11-04 | CVE-2014-8474 | XML External Entity Injection vulnerability in CA Cloud Service Management CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |
2014-11-04 | CVE-2014-8473 | Cross-Site Request Forgery (CSRF) vulnerability in CA Cloud Service Management Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-11-04 | CVE-2014-8472 | Improper Authentication vulnerability in CA Cloud Service Management CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | 6.8 |
2014-11-04 | CVE-2014-8471 | Replay Security Bypass vulnerability in CA Cloud Service Management CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. network ca | 4.3 |
2014-04-04 | CVE-2014-2210 | Path Traversal vulnerability in CA Erwin web Portal 9.5 Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | 7.5 |