Ca Security Vulnerabilities
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
7.1AI Score
0.007EPSS
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
7.3AI Score
0.003EPSS
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity referen...
7.1AI Score
0.008EPSS
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12....
6.8AI Score
0.0004EPSS
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12....
6.8AI Score
0.0004EPSS
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12....
6.8AI Score
0.0004EPSS
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
8.1CVSS
7.5AI Score
0.002EPSS
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
8.8CVSS
8.7AI Score
0.002EPSS
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
8.8CVSS
8.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
6.1CVSS
6AI Score
0.002EPSS
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
7.5CVSS
7.5AI Score
0.032EPSS
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges v...
7.5CVSS
7.9AI Score
0.035EPSS
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA W...
7.8CVSS
7.4AI Score
0.0004EPSS
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installatio...
5.5CVSS
5.2AI Score
0.0004EPSS
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
9.8CVSS
9.3AI Score
0.004EPSS
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
5.4CVSS
5AI Score
0.001EPSS
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
7.5CVSS
7.4AI Score
0.001EPSS
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
7.5CVSS
7.4AI Score
0.001EPSS
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
9.8CVSS
9.3AI Score
0.004EPSS
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
7.5CVSS
7.5AI Score
0.002EPSS
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
9.8CVSS
9.8AI Score
0.001EPSS
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
6.1CVSS
6.1AI Score
0.001EPSS
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
9.1CVSS
9.1AI Score
0.002EPSS
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
7.5CVSS
7.4AI Score
0.001EPSS
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
9.8CVSS
9.4AI Score
0.003EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
6.1CVSS
5.9AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
6.1CVSS
6AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
6.1CVSS
6AI Score
0.001EPSS
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
7.5CVSS
7.3AI Score
0.002EPSS
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
8.8CVSS
8.8AI Score
0.001EPSS
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
9.8CVSS
9.5AI Score
0.015EPSS
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
6.1CVSS
6.1AI Score
0.001EPSS
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
4.3CVSS
4.7AI Score
0.006EPSS
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an ...
8.8CVSS
8.9AI Score
0.006EPSS
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the p...
5.4CVSS
5.3AI Score
0.001EPSS
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run....
8.8CVSS
8.5AI Score
0.001EPSS
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...
7.8CVSS
7.6AI Score
0.001EPSS