Null pointer dereference

2020-02-1804:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

CPENameOperatorVersion
unified_infrastructure_managementle9.20
unified_infrastructure_managementge20.3.0
unified_infrastructure_managementlt20.4.0
unified_infrastructure_managementeq20.1

Name	Operator	Version
unified_infrastructure_management	le	9.20
unified_infrastructure_management	ge	20.3.0
unified_infrastructure_management	lt	20.4.0
unified_infrastructure_management	eq	20.1

References

support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832

techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html