** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-03-26
Updated
2021-03-29
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-03-26
Updated
2022-07-12
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS
5.4
EPSS Score
0.07%
Published
2021-03-26
Updated
2021-03-29
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
Max CVSS
8.8
EPSS Score
0.96%
Published
2019-05-28
Updated
2020-10-06
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
Max CVSS
4.3
EPSS Score
0.44%
Published
2019-05-28
Updated
2020-10-06
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
Max CVSS
9.8
EPSS Score
0.27%
Published
2019-01-22
Updated
2021-04-09
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2019-01-22
Updated
2021-04-09
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
Max CVSS
9.1
EPSS Score
0.23%
Published
2018-08-30
Updated
2021-04-12
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
Max CVSS
6.1
EPSS Score
0.10%
Published
2018-08-30
Updated
2021-04-12
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
Max CVSS
9.8
EPSS Score
0.13%
Published
2018-08-30
Updated
2021-04-12
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
Max CVSS
7.5
EPSS Score
0.20%
Published
2018-08-30
Updated
2021-04-12
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
Max CVSS
9.8
EPSS Score
0.37%
Published
2018-08-30
Updated
2018-11-05
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-08-30
Updated
2018-10-19
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-08-30
Updated
2018-10-19
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
Max CVSS
6.1
EPSS Score
0.10%
Published
2018-06-18
Updated
2018-08-10
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
Max CVSS
9.8
EPSS Score
1.49%
Published
2018-04-11
Updated
2018-05-17
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-04-11
Updated
2018-05-17
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.22%
Published
2018-05-01
Updated
2023-01-27
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-03-29
Updated
2023-01-27
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-03-29
Updated
2023-01-27
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-03-29
Updated
2023-01-27
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-11-14
Updated
2019-10-09
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
Max CVSS
9.8
EPSS Score
0.44%
Published
2017-09-22
Updated
2017-10-05
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-06
Updated
2019-10-03
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
Max CVSS
8.1
EPSS Score
0.17%
Published
2017-01-18
Updated
2017-01-20
134 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!