Vulnerabilities > CA > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2021-28247 Cross-site Scripting vulnerability in CA Ehealth Performance Manager
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS).
network
low complexity
ca CWE-79
5.4
2019-05-28 CVE-2019-7394 Permissions, Privileges, and Access Controls vulnerability in CA Risk Authentication and Strong Authentication
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
network
low complexity
ca CWE-264
6.5
2019-05-28 CVE-2019-7393 Information Exposure vulnerability in CA Risk Authentication and Strong Authentication
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
network
low complexity
ca CWE-200
4.0
2019-01-22 CVE-2018-19634 CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
network
low complexity
broadcom ca
5.0
2018-08-30 CVE-2018-13826 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
network
low complexity
broadcom ca CWE-611
6.4
2018-08-30 CVE-2018-13825 Cross-site Scripting vulnerability in multiple products
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
network
broadcom ca CWE-79
4.3
2018-08-30 CVE-2018-13823 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
network
low complexity
broadcom ca CWE-611
5.0
2018-08-30 CVE-2018-13822 Insufficiently Protected Credentials vulnerability in CA Project Portfolio Management
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
network
low complexity
ca CWE-522
5.0
2018-08-30 CVE-2018-13820 Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
network
low complexity
ca CWE-798
5.0
2018-08-30 CVE-2018-13819 Use of Hard-coded Credentials vulnerability in CA Unified Infrastructure Management 8.4.7/8.5/8.5.1
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
network
low complexity
ca CWE-798
5.0