Vulnerabilities > CA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-28247 | Cross-site Scripting vulnerability in CA Ehealth Performance Manager CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). | 5.4 |
| 2019-05-28 | CVE-2019-7393 | Improper Restriction of Rendered UI Layers or Frames vulnerability in CA Risk Authentication and Strong Authentication A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | 4.3 |
| 2018-08-30 | CVE-2018-13825 | Cross-site Scripting vulnerability in multiple products Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | 6.1 |
| 2018-06-18 | CVE-2018-9027 | Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0 A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 6.1 |
| 2018-03-29 | CVE-2018-6588 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 |
| 2018-03-29 | CVE-2018-6587 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 6.1 |
| 2018-03-29 | CVE-2018-6586 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 6.1 |
| 2017-11-14 | CVE-2017-9394 | Cross-site Scripting vulnerability in CA Identity Governance 12.6.0 A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 5.4 |
| 2017-05-06 | CVE-2017-8391 | Incorrect Permission Assignment for Critical Resource vulnerability in CA Client Automation R12.9/R14.0 The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | 5.5 |
| 2017-03-07 | CVE-2016-9148 | Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1 Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | 6.1 |