Search criteria
32 vulnerabilities by ca technologies
CVE-2019-13656 (GCVE-0-2019-13656)
Vulnerability from cvelistv5 – Published: 2019-09-06 14:44 – Updated: 2024-08-04 23:57
VLAI?
Summary
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies | Client Automation |
Affected:
14.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html"
},
{
"name": "20190909 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/15"
},
{
"name": "20190910 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Client Automation",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "14.0"
}
]
},
{
"product": "Workload Automation AE",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:06:12",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html"
},
{
"name": "20190909 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/15"
},
{
"name": "20190910 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/14"
}
],
"source": {
"advisory": "CA20190904-01",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2019-13656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "14",
"version_value": "14.0"
}
]
}
},
{
"product_name": "Workload Automation AE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "11.3.5",
"version_value": "11.3.5"
},
{
"version_affected": "=",
"version_name": "11.3.6",
"version_value": "11.3.6"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html",
"refsource": "MISC",
"url": "https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html"
},
{
"name": "http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html"
},
{
"name": "20190909 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/15"
},
{
"name": "20190910 CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/14"
}
]
},
"source": {
"advisory": "CA20190904-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-13656",
"datePublished": "2019-09-06T14:44:42",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19635 (GCVE-0-2018-19635)
Vulnerability from cvelistv5 – Published: 2019-01-22 15:00 – Updated: 2024-09-17 00:11
VLAI?
Summary
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Service Desk Manager |
Affected:
14.1
Affected: 17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Service Desk Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "14.1"
},
{
"status": "affected",
"version": "17"
}
]
}
],
"datePublic": "2019-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "106689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-01-17T05:00:00.000Z",
"ID": "CVE-2018-19635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Service Desk Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "14.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "17"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106689"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-19635",
"datePublished": "2019-01-22T15:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T00:11:03.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19634 (GCVE-0-2018-19634)
Vulnerability from cvelistv5 – Published: 2019-01-22 15:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Service Desk Manager |
Affected:
14.1
Affected: 17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Service Desk Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "14.1"
},
{
"status": "affected",
"version": "17"
}
]
}
],
"datePublic": "2019-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "106689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-01-17T05:00:00.000Z",
"ID": "CVE-2018-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Service Desk Manager",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "14.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "17"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106689"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-19634",
"datePublished": "2019-01-22T15:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-16T22:25:50.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14597 (GCVE-0-2018-14597)
Vulnerability from cvelistv5 – Published: 2018-10-17 21:00 – Updated: 2024-08-05 09:29
VLAI?
Summary
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
Severity ?
No CVSS data available.
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Identity Governance |
Affected:
14.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
},
{
"name": "105688",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Identity Governance",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "14.x"
}
]
}
],
"datePublic": "2018-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-23T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
},
{
"name": "105688",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105688"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2018-14597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Identity Governance",
"version": {
"version_data": [
{
"version_value": "14.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
},
{
"name": "105688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105688"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-14597",
"datePublished": "2018-10-17T21:00:00",
"dateReserved": "2018-07-25T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13819 (GCVE-0-2018-13819)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 19:09
VLAI?
Summary
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Unified Infrastructure Management |
Affected:
8.5.1, 8.5, 8.4.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unified Infrastructure Management",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "8.5.1, 8.5, 8.4.7"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value": "8.5.1, 8.5, 8.4.7"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105199"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13819",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-16T19:09:57.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13822 (GCVE-0-2018-13822)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-17 03:38
VLAI?
Summary
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
Severity ?
No CVSS data available.
CWE
- Unprotected Storage of Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | PPM |
Affected:
15.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PPM",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "15.3 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PPM",
"version": {
"version_data": [
{
"version_value": "15.3 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105297"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13822",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-17T03:38:20.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15691 (GCVE-0-2018-15691)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Release Automation |
Affected:
6.5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041591"
},
{
"name": "45425",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45425/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html"
},
{
"name": "105197",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Release Automation",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "6.5 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1041591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041591"
},
{
"name": "45425",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45425/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html"
},
{
"name": "105197",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105197"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-15691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Release Automation",
"version": {
"version_data": [
{
"version_value": "6.5 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041591"
},
{
"name": "45425",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45425/"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html"
},
{
"name": "105197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105197"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-15691",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-16T17:59:09.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13824 (GCVE-0-2018-13824)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-17 02:00
VLAI?
Summary
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | PPM |
Affected:
15.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PPM",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "15.3 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PPM",
"version": {
"version_data": [
{
"version_value": "15.3 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105297"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13824",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-17T02:00:43.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13825 (GCVE-0-2018-13825)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | PPM |
Affected:
15.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PPM",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "15.3 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PPM",
"version": {
"version_data": [
{
"version_value": "15.3 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105297"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13825",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-17T03:59:51.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13823 (GCVE-0-2018-13823)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
Severity ?
No CVSS data available.
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | PPM |
Affected:
15.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PPM",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "15.3 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PPM",
"version": {
"version_data": [
{
"version_value": "15.3 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105297"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13823",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-16T16:38:07.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13820 (GCVE-0-2018-13820)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 17:27
VLAI?
Summary
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Unified Infrastructure Management |
Affected:
8.5.1, 8.5, 8.4.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unified Infrastructure Management",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "8.5.1, 8.5, 8.4.7"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value": "8.5.1, 8.5, 8.4.7"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105199"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13820",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-16T17:27:47.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13826 (GCVE-0-2018-13826)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-17 04:08
VLAI?
Summary
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
Severity ?
No CVSS data available.
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | PPM |
Affected:
15.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PPM",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "15.3 and earlier"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-08T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PPM",
"version": {
"version_data": [
{
"version_value": "15.3 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105297"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13826",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-17T04:08:43.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13821 (GCVE-0-2018-13821)
Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 22:45
VLAI?
Summary
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
Severity ?
No CVSS data available.
CWE
- Missing Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Unified Infrastructure Management |
Affected:
8.5.1, 8.5, 8.4.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unified Infrastructure Management",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "8.5.1, 8.5, 8.4.7"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "105199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value": "8.5.1, 8.5, 8.4.7"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105199"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-13821",
"datePublished": "2018-08-30T14:00:00Z",
"dateReserved": "2018-07-10T00:00:00",
"dateUpdated": "2024-09-16T22:45:26.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6590 (GCVE-0-2018-6590)
Vulnerability from cvelistv5 – Published: 2018-08-03 14:00 – Updated: 2024-09-16 22:40
VLAI?
Summary
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ca technologies | CA API Developer Portal |
Affected:
4.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180802-01--security-notice-for-ca-api-developer-portal.html"
},
{
"name": "1041416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "ca technologies",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2018-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-04T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180802-01--security-notice-for-ca-api-developer-portal.html"
},
{
"name": "1041416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-02T04:00:00.000Z",
"ID": "CVE-2018-6590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "ca technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180802-01--security-notice-for-ca-api-developer-portal.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180802-01--security-notice-for-ca-api-developer-portal.html"
},
{
"name": "1041416",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041416"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-6590",
"datePublished": "2018-08-03T14:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-16T22:40:46.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9024 (GCVE-0-2018-9024)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9024",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T16:18:45.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4664 (GCVE-0-2015-4664)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.4.4.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.4.4.4 and earlier"
}
]
}
],
"datePublic": "2015-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2015-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.4.4.4 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"name": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37708/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2015-4664",
"datePublished": "2018-06-18T18:00:00",
"dateReserved": "2015-06-19T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9023 (GCVE-0-2018-9023)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:01
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9023",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T22:01:45.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9029 (GCVE-0-2018-9029)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9029",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-17T00:06:35.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9027 (GCVE-0-2018-9027)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
Severity ?
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9027",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-17T03:43:13.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9021 (GCVE-0-2018-9021)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:09",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9021",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T16:43:19.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9022 (GCVE-0-2018-9022)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:08",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9022",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-17T01:51:32.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9026 (GCVE-0-2018-9026)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 19:10
VLAI?
Summary
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Severity ?
No CVSS data available.
CWE
- Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session Fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9026",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T19:10:25.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9028 (GCVE-0-2018-9028)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 23:15
VLAI?
Summary
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Severity ?
No CVSS data available.
CWE
- Weak Cryptography for Passwords
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Cryptography for Passwords",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9028",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T23:15:27.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9025 (GCVE-0-2018-9025)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9025",
"datePublished": "2018-06-18T18:00:00Z",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-09-16T22:35:11.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6589 (GCVE-0-2018-6589)
Vulnerability from cvelistv5 – Published: 2018-05-01 18:00 – Updated: 2024-08-05 06:10
VLAI?
Summary
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Spectrum |
Affected:
10.1 , < 10.01.02.PTF_10.1.239
(custom)
Affected: 10.2 , < 10.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Spectrum",
"vendor": "CA Technologies",
"versions": [
{
"lessThan": "10.01.02.PTF_10.1.239",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.3",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T17:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2018-6589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Spectrum",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.01.02.PTF_10.1.239"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.3"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-6589",
"datePublished": "2018-05-01T18:00:00",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8954 (GCVE-0-2018-8954)
Vulnerability from cvelistv5 – Published: 2018-04-11 17:00 – Updated: 2024-09-17 01:31
VLAI?
Summary
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Workload Control Center |
Affected:
r11.4 SP5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workload Control Center",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "r11.4 SP5 and earlier"
}
]
}
],
"datePublic": "2018-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1040605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-03-29T00:00:00",
"ID": "CVE-2018-8954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workload Control Center",
"version": {
"version_data": [
{
"version_value": "r11.4 SP5 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040605"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-8954",
"datePublished": "2018-04-11T17:00:00Z",
"dateReserved": "2018-03-23T00:00:00",
"dateUpdated": "2024-09-17T01:31:54.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8953 (GCVE-0-2018-8953)
Vulnerability from cvelistv5 – Published: 2018-04-11 17:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | Workload Automation AE |
Affected:
r11.3.5, r11.3.6 SP6 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workload Automation AE",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "r11.3.5, r11.3.6 SP6 and earlier"
}
]
}
],
"datePublic": "2018-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1040605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-03-29T00:00:00",
"ID": "CVE-2018-8953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workload Automation AE",
"version": {
"version_data": [
{
"version_value": "r11.3.5, r11.3.6 SP6 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040605"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html"
},
{
"name": "103742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-8953",
"datePublished": "2018-04-11T17:00:00Z",
"dateReserved": "2018-03-23T00:00:00",
"dateUpdated": "2024-09-16T20:22:08.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6587 (GCVE-0-2018-6587)
Vulnerability from cvelistv5 – Published: 2018-03-29 13:00 – Updated: 2024-09-17 00:46
VLAI?
Summary
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA API Developer Portal |
Affected:
3.5 , < 3.5 CR7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "CA Technologies",
"versions": [
{
"lessThan": "3.5 CR7",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T09:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-03-29T04:00:00.000Z",
"ID": "CVE-2018-6587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.5",
"version_value": "3.5 CR7"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040603"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-6587",
"datePublished": "2018-03-29T13:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-17T00:46:52.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6586 (GCVE-0-2018-6586)
Vulnerability from cvelistv5 – Published: 2018-03-29 13:00 – Updated: 2024-09-16 18:48
VLAI?
Summary
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA API Developer Portal |
Affected:
3.5 , < 3.5 CR7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "CA Technologies",
"versions": [
{
"lessThan": "3.5 CR7",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T09:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-03-29T04:00:00.000Z",
"ID": "CVE-2018-6586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.5",
"version_value": "3.5 CR7"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040603"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-6586",
"datePublished": "2018-03-29T13:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-16T18:48:41.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6588 (GCVE-0-2018-6588)
Vulnerability from cvelistv5 – Published: 2018-03-29 13:00 – Updated: 2024-09-16 18:19
VLAI?
Summary
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA API Developer Portal |
Affected:
3.5 , < 3.5 CR6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "CA Technologies",
"versions": [
{
"lessThan": "3.5 CR6",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T09:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "1040603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040603"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-03-28T04:00:00.000Z",
"ID": "CVE-2018-6588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.5",
"version_value": "3.5 CR6"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040603"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-6588",
"datePublished": "2018-03-29T13:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-16T18:19:39.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}