Search criteria
4 vulnerabilities found for CA Strong Authentication by CA Technologies, A Broadcom Company
CVE-2019-7393 (GCVE-0-2019-7393)
Vulnerability from cvelistv5 – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
VLAI?
Summary
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
Severity ?
No CVSS data available.
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Affected:
9.0.x
Affected: 8.2.x Affected: 8.1.x Affected: 8.0.x Affected: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7393",
"datePublished": "2019-05-28T18:28:30.990510Z",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-09-16T19:19:28.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7394 (GCVE-0-2019-7394)
Vulnerability from cvelistv5 – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
VLAI?
Summary
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Affected:
9.0.x
Affected: 8.2.x Affected: 8.1.x Affected: 8.0.x Affected: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7394",
"datePublished": "2019-05-28T18:25:49.842653Z",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-09-17T01:16:51.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7393 (GCVE-0-2019-7393)
Vulnerability from nvd – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
VLAI?
Summary
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
Severity ?
No CVSS data available.
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Affected:
9.0.x
Affected: 8.2.x Affected: 8.1.x Affected: 8.0.x Affected: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7393",
"datePublished": "2019-05-28T18:28:30.990510Z",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-09-16T19:19:28.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7394 (GCVE-0-2019-7394)
Vulnerability from nvd – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
VLAI?
Summary
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Affected:
9.0.x
Affected: 8.2.x Affected: 8.1.x Affected: 8.0.x Affected: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7394",
"datePublished": "2019-05-28T18:25:49.842653Z",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-09-17T01:16:51.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}