Vulnerabilities > CA > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-04-07 CVE-2010-1222 Improper Authentication vulnerability in CA products
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.
network
low complexity
ca CWE-287
5.0
2010-04-07 CVE-2010-1221 Improper Authentication vulnerability in CA products
CA XOsoft r12.0 and r12.5 do not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.
network
low complexity
ca CWE-287
5.0
2009-12-09 CVE-2009-4149 Cross-Site Scripting vulnerability in CA Service Desk 12.1
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network
ca CWE-79
4.3
2009-10-13 CVE-2009-3588 Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
network
broadcom ca
4.3
2009-08-19 CVE-2009-2740 Resource Management Errors vulnerability in CA Host-Based Intrusion Prevention System 8.1
kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.
network
low complexity
ca CWE-399
5.0
2009-06-16 CVE-2009-1761 Improper Input Validation vulnerability in CA Arcserve Backup R12.0
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.
network
low complexity
ca CWE-20
5.0
2008-10-14 CVE-2008-4400 Improper Input Validation vulnerability in multiple products
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."
network
low complexity
broadcom ca CWE-20
5.0
2008-10-14 CVE-2008-4399 Improper Input Validation vulnerability in multiple products
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."
network
low complexity
broadcom ca CWE-20
5.0
2008-10-14 CVE-2008-4398 Improper Input Validation vulnerability in multiple products
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
network
low complexity
broadcom ca CWE-20
5.0
2008-09-27 CVE-2008-4119 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
network
broadcom ca CWE-79
4.3