
6 vulnerabilities by CA Technologies, a Broadcom Company

CVE-2020-29478 (GCVE-0-2020-29478)

Vulnerability from cvelistv5 – Published: 2021-01-05 17:24 – Updated: 2024-08-04 16:55
Summary
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
Severity
No CVSS data available.
CWE
  • CWE-258 - Empty Password in Configuration File
Assigner
ca
References
Impacted products

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:09.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Service Catalog",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "17.2"
            },
            {
              "status": "affected",
              "version": "17.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-258",
              "description": "CWE-258 Empty Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-05T17:24:46",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
        }
      ],
      "source": {
        "advisory": "CA20201215-01",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "ID": "CVE-2020-29478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Service Catalog",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "17.2",
                            "version_value": "17.2"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "17.3",
                            "version_value": "17.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, A Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-258 Empty Password in Configuration File"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
              "refsource": "CONFIRM",
              "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
            }
          ]
        },
        "source": {
          "advisory": "CA20201215-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2020-29478",
    "datePublished": "2021-01-05T17:24:46",
    "dateReserved": "2020-12-02T00:00:00",
    "dateUpdated": "2024-08-04T16:55:09.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19230 (GCVE-0-2019-19230)

Vulnerability from cvelistv5 – Published: 2019-12-09 20:36 – Updated: 2024-09-17 02:16
Summary
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
ca
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:39.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
          },
          {
            "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
          },
          {
            "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Dec/16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Release Automation",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            }
          ]
        }
      ],
      "datePublic": "2019-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T01:06:02",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
        },
        {
          "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
        },
        {
          "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Dec/16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "DATE_PUBLIC": "2019-12-09T00:00:00.000Z",
          "ID": "CVE-2019-19230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Release Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "6",
                            "version_value": "6.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, A Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2",
              "refsource": "CONFIRM",
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Dec/16"
            },
            {
              "name": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2019-19230",
    "datePublished": "2019-12-09T20:36:49.352965Z",
    "dateReserved": "2019-11-22T00:00:00",
    "dateUpdated": "2024-09-17T02:16:04.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13657 (GCVE-0-2019-13657)

Vulnerability from cvelistv5 – Published: 2019-10-17 18:45 – Updated: 2024-09-17 02:31
Summary
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
ca
Impacted products
Vendor: CA Technologies, A Broadcom Company
Product: CA Performance Management
Versions:
  • Affected: 3.5.x
  • Affected: 3.6.x before 3.6.9
  • Affected: 3.7.x before 3.7.4

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
          },
          {
            "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Performance Management",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "3.5.x"
            },
            {
              "status": "affected",
              "version": "3.6.x before 3.6.9"
            },
            {
              "status": "affected",
              "version": "3.7.x before 3.7.4"
            }
          ]
        }
      ],
      "datePublic": "2019-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-18T18:06:13",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
        },
        {
          "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "DATE_PUBLIC": "2019-10-15T04:00:00.000Z",
          "ID": "CVE-2019-13657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Performance Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.5.x"
                          },
                          {
                            "version_value": "3.6.x before 3.6.9"
                          },
                          {
                            "version_value": "3.7.x before 3.7.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, A Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/26"
            },
            {
              "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
            },
            {
              "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html",
              "refsource": "CONFIRM",
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
            },
            {
              "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2019-13657",
    "datePublished": "2019-10-17T18:45:16.512931Z",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-09-17T02:31:44.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13658 (GCVE-0-2019-13658)

Vulnerability from cvelistv5 – Published: 2019-10-02 16:14 – Updated: 2024-09-17 01:50
Summary
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
ca

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
          },
          {
            "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
          },
          {
            "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Network Flow Analysis",
          "vendor": "CA Technologies, a Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "9.x"
            }
          ]
        },
        {
          "product": "CA Network Flow Analysis",
          "vendor": "CA Technologies, a Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.x"
            }
          ]
        }
      ],
      "datePublic": "2019-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-05T15:06:04",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
        },
        {
          "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
        },
        {
          "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "DATE_PUBLIC": "2019-10-01T04:00:00.000Z",
          "ID": "CVE-2019-13658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Network Flow Analysis",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9",
                            "version_value": "9.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, a Broadcom Company"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Network Flow Analysis",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "10",
                            "version_value": "10.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, a Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html",
              "refsource": "MISC",
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
            },
            {
              "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
            },
            {
              "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/4"
            },
            {
              "name": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2019-13658",
    "datePublished": "2019-10-02T16:14:53.392727Z",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-09-17T01:50:58.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-7393 (GCVE-0-2019-7393)

Vulnerability from cvelistv5 – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
Summary
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
Severity ?
No CVSS data available.
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
ca
References
Impacted products
Vendor | Product | Version
CA Technologies, A Broadcom Company | CA Strong Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x
CA Technologies, A Broadcom Company | CA Risk Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/66"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
          },
          {
            "name": "108483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
          },
          {
            "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/43"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Strong Authentication",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.x"
            },
            {
              "status": "affected",
              "version": "8.2.x"
            },
            {
              "status": "affected",
              "version": "8.1.x"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "7.1.x"
            }
          ]
        },
        {
          "product": "CA Risk Authentication",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.x"
            },
            {
              "status": "affected",
              "version": "8.2.x"
            },
            {
              "status": "affected",
              "version": "8.1.x"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "3.1.x"
            }
          ]
        }
      ],
      "datePublic": "2019-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-30T03:06:01",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/66"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
        },
        {
          "name": "108483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
        },
        {
          "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/43"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
          "ID": "CVE-2019-7393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Strong Authentication",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9",
                            "version_value": "9.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.0.x"
                          },
                          {
                            "version_name": "7",
                            "version_value": "7.1.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CA Risk Authentication",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9",
                            "version_value": "9.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.0.x"
                          },
                          {
                            "version_name": "3",
                            "version_value": "3.1.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, A Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2019-7393",
    "datePublished": "2019-05-28T18:28:30.990510Z",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-09-16T19:19:28.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-7394 (GCVE-0-2019-7394)

Vulnerability from cvelistv5 – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
Summary
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
Severity ?
No CVSS data available.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
ca
References
Impacted products
Vendor | Product | Version
CA Technologies, A Broadcom Company | CA Strong Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x
CA Technologies, A Broadcom Company | CA Risk Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/66"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
          },
          {
            "name": "108483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
          },
          {
            "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/43"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CA Strong Authentication",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.x"
            },
            {
              "status": "affected",
              "version": "8.2.x"
            },
            {
              "status": "affected",
              "version": "8.1.x"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "7.1.x"
            }
          ]
        },
        {
          "product": "CA Risk Authentication",
          "vendor": "CA Technologies, A Broadcom Company",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.x"
            },
            {
              "status": "affected",
              "version": "8.2.x"
            },
            {
              "status": "affected",
              "version": "8.1.x"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "3.1.x"
            }
          ]
        }
      ],
      "datePublic": "2019-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-30T03:06:01",
        "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "shortName": "ca"
      },
      "references": [
        {
          "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/66"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
        },
        {
          "name": "108483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
        },
        {
          "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/43"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@ca.com",
          "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
          "ID": "CVE-2019-7394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CA Strong Authentication",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9",
                            "version_value": "9.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.0.x"
                          },
                          {
                            "version_name": "7",
                            "version_value": "7.1.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CA Risk Authentication",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9",
                            "version_value": "9.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8",
                            "version_value": "8.0.x"
                          },
                          {
                            "version_name": "3",
                            "version_value": "3.1.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CA Technologies, A Broadcom Company"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
    "assignerShortName": "ca",
    "cveId": "CVE-2019-7394",
    "datePublished": "2019-05-28T18:25:49.842653Z",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-09-17T01:16:51.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}