Vulnerabilities > CA > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-03-26 | CVE-2021-28250 | Improper Privilege Management vulnerability in CA eHealth Performance Manager | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. | local | low complexity | ca CWE-269 | 7.8 |
| 2021-03-26 | CVE-2021-28249 | Untrusted Search Path vulnerability in CA eHealth Performance Manager | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | local | low complexity | ca CWE-426 | 8.8 |
| 2019-01-22 | CVE-2018-19635 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | | network | low complexity | broadcom ca | 7.5 |
| 2018-08-30 | CVE-2018-13824 | SQL Injection vulnerability in multiple products | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | network | low complexity | broadcom ca CWE-89 | 7.5 |
| 2018-08-30 | CVE-2018-13821 | Improper Authentication vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1 | A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | network | low complexity | ca CWE-287 | 7.5 |
| 2018-05-01 | CVE-2018-6589 | Unspecified vulnerability in CA Spectrum | CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | network | low complexity | ca | 7.5 |
| 2018-04-11 | CVE-2018-8954 | Improper Input Validation vulnerability in CA Workload Control Center | CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | network | low complexity | ca CWE-20 | 7.5 |
| 2017-01-27 | CVE-2016-9795 | Improper Input Validation vulnerability in multiple products | The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | local | low complexity | broadcom ca CWE-20 | 7.2 |
| 2014-11-04 | CVE-2014-8474 | XML External Entity Injection vulnerability in CA Cloud Service Management | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | network | low complexity | ca | 7.5 |
| 2014-04-04 | CVE-2014-2210 | Path Traversal vulnerability in CA ERwin Web Portal 9.5 | Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | network | low complexity | ca CWE-22 | 7.5 |