Vulnerabilities > CA > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-22 | CVE-2018-19635 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | 9.8 |
| 2018-08-30 | CVE-2018-13826 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 9.1 |
| 2018-08-30 | CVE-2018-13824 | SQL Injection vulnerability in multiple products Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | 9.8 |
| 2018-08-30 | CVE-2018-13821 | Improper Authentication vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | 9.8 |
| 2018-04-11 | CVE-2018-8954 | Improper Input Validation vulnerability in CA Workload Control Center CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | 9.8 |
| 2017-09-22 | CVE-2017-9393 | Information Exposure vulnerability in CA products CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 9.8 |