Lucene search

[email protected]CVE-2019-7392

HistoryFeb 26, 2019 - 6:00 p.m.

CVE-2019-7392

2019-02-2618:00:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2019-7392

ca privileged access manager

vulnerability

authentication

remote attacker

sensitive information

configuration

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.

Affected configurations

NVD

Node

broadcomprivileged_access_managerRange3.0.1–3.0.3

broadcomprivileged_access_managerRange3.1.1–3.1.2

broadcomprivileged_access_managerRange3.2.0–3.2.1

CPENameOperatorVersion
broadcom:privileged_access_managerbroadcom privileged access managerle3.0.3
broadcom:privileged_access_managerbroadcom privileged access managerle3.1.2
broadcom:privileged_access_managerbroadcom privileged access managerle3.2.1

CPE	Name	Operator	Version
broadcom:privileged_access_manager	broadcom privileged access manager	le	3.0.3
broadcom:privileged_access_manager	broadcom privileged access manager	le	3.1.2
broadcom:privileged_access_manager	broadcom privileged access manager	le	3.2.1

References

www.securityfocus.com/bid/107040

support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2019-7392

nvd1 cvelist1 prion1