Vulnerability Details : CVE-2015-3318
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2015-3318
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-3318
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2015-3318
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3318
-
http://www.securitytracker.com/id/1032512
CA Common Services Multiple Flaws Let Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.securityfocus.com/bid/75033
CA Common Services Multiple Local Privilege Escalation And Buffer Overflow Vulnerabilities
-
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
CA20150604-01: Security Notice for CA Common Services - CA TechnologiesVendor Advisory
-
http://www.securitytracker.com/id/1032513
CA Network and Systems Management Multiple Flaws Let Local Users Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2015-3318
- cpe:2.3:a:ca:network_and_systems_management:r11.2:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:client_automation:r12.5:sp01:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:client_automation:r12.8:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:client_automation:r12.9:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:nsm_job_management_option:r11.2:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:nsm_job_management_option:r11.0:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:nsm_job_management_option:r11.1:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:universal_job_management_agent:-:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:workload_automation_ae:r11.3.6:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:workload_automation_ae:r11.3.5:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:workload_automation_ae:r11.3:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ca:workload_automation_ae:r11.0:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel