Vulnerabilities > CA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-18 | CVE-2018-9027 | Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0 A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 4.3 |
| 2018-04-11 | CVE-2018-8953 | SQL Injection vulnerability in CA Workload Automation AE CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | 6.5 |
| 2018-03-29 | CVE-2018-6588 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 |
| 2018-03-29 | CVE-2018-6587 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 6.1 |
| 2018-03-29 | CVE-2018-6586 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 6.1 |
| 2017-09-22 | CVE-2017-9393 | Information Exposure vulnerability in CA products CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 5.0 |
| 2017-03-20 | CVE-2016-9165 | Information Exposure vulnerability in CA products The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. | 5.0 |
| 2017-03-07 | CVE-2016-9164 | Path Traversal vulnerability in CA Unified Infrastructure Management Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2017-03-07 | CVE-2016-9148 | Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1 Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | 4.3 |
| 2017-01-18 | CVE-2016-10086 | Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | 5.5 |