Vulnerability Details: CVE-2016-10086
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
Products affected by CVE-2016-10086
- cpe:2.3:a:ca:service_desk_manager:12.9:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:ca:service_desk_management:14.1:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2016-10086
- 0.17%: Probability of exploitation activity in the next 30 days
- ~ 53 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2016-10086
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10086
- https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html
  CA20170109-01: Security Notice for CA Service Desk Manager (Patch; Vendor Advisory)
- http://www.securitytracker.com/id/1037583
  CA Service Desk Flaw Lets Remote Authenticated Users View and Modify Data on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/95366
  Computer Associates Service Desk Manager CVE-2016-10086 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)