Vulnerability Details : CVE-2017-9393
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
Published: 2017-09-22 14:29:00
Updated: 2017-10-05 14:10:07
Vulnerability category: Information leak
Products affected by CVE-2017-9393
- cpe:2.3:a:ca:identity_manager_virtual_appliance:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager_virtual_appliance:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp2:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp3:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp4:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp5:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp6:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp7:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:ga:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp1:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:12.6:sp8:*:*:*:*:*:*
- cpe:2.3:a:ca:identity_manager:14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9393
- 0.57%: Probability of exploitation activity in the next 30 days
- ~78%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-9393
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9393
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
  404 Not Found (Vendor Advisory)
- http://www.securityfocus.com/bid/100956
  CA Identity Manager CVE-2017-9393 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)