Filtered by vendor Ca
Subscribe
Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28249 | 1 Ca | 1 Ehealth Performance Manager | 2022-07-12 | 7.2 HIGH | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2021-11-09 | 7.2 HIGH | 7.8 HIGH |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | |||||
| CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | |||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | |||||
| CVE-2016-6152 | 2 Broadcom, Ca | 2 Ehealth, Ehealth | 2021-04-09 | 9.0 HIGH | 8.8 HIGH |
| CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | |||||
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2021-03-29 | 4.6 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2019-7394 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2020-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | |||||
| CVE-2018-6589 | 1 Ca | 1 Spectrum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | |||||
| CVE-2016-9165 | 1 Ca | 2 Unified Infrastructure Management, Unified Infrastructure Management Snap | 2017-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. | |||||
| CVE-2016-9164 | 1 Ca | 1 Unified Infrastructure Management | 2017-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2017-01-20 | 5.5 MEDIUM | 8.1 HIGH |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | |||||
| CVE-2016-6151 | 1 Ca | 1 Ehealth | 2016-11-28 | 9.0 HIGH | 8.8 HIGH |
| CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | |||||