Vulnerabilities > CA > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-28250 | Improper Privilege Management vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. | 7.8 |
| 2021-03-26 | CVE-2021-28249 | Untrusted Search Path vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | 8.8 |
| 2019-05-28 | CVE-2019-7394 | Improper Privilege Management vulnerability in CA Risk Authentication and Strong Authentication A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | 8.8 |
| 2019-01-22 | CVE-2018-19634 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | 7.5 |
| 2018-08-30 | CVE-2018-13823 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 7.5 |
| 2018-08-30 | CVE-2018-13820 | Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 |
| 2018-08-30 | CVE-2018-13819 | Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 |
| 2018-05-01 | CVE-2018-6589 | Unspecified vulnerability in CA Spectrum CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2018-04-11 | CVE-2018-8953 | SQL Injection vulnerability in CA Workload Automation AE CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | 8.8 |
| 2017-03-20 | CVE-2016-9165 | Information Exposure vulnerability in CA products The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. | 7.5 |