This page aggregates CVEs and security vulnerability information across CA Technologies products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include buffer overflows, input validation, path-handling flaws, and SQL injection, which in production workloads can lead to risks such as application crashes, memory corruption, and unexpected behavior.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-28250 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | [email protected] | 7.8 | 0.05% | 2021-03-26 | 2024-11-21 |
| CVE-2021-28249 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | [email protected] | 8.8 | 0.05% | 2021-03-26 | 2024-11-21 |
| CVE-2021-28247 | CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, | [email protected] | 5.4 | 0.15% | 2021-03-26 | 2024-11-21 |
| CVE-2019-7394 | A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | [email protected] | 8.8 | 2.13% | 2019-05-28 | 2024-11-21 |
| CVE-2019-7393 | A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | [email protected] | 4.3 | 1.42% | 2019-05-28 | 2024-11-21 |
| CVE-2018-19635 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | [email protected] | 9.8 | 0.49% | 2019-01-22 | 2024-11-21 |
| CVE-2018-19634 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | [email protected] | 7.5 | 0.26% | 2019-01-22 | 2024-11-21 |
| CVE-2018-13826 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | [email protected] | 9.1 | 0.40% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13825 | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | [email protected] | 6.1 | 0.24% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13824 | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | [email protected] | 9.8 | 0.71% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13823 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | [email protected] | 7.5 | 0.43% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13821 | A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | [email protected] | 9.8 | 4.78% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13820 | A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | [email protected] | 7.5 | 0.25% | 2018-08-30 | 2024-11-21 |
| CVE-2018-13819 | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | [email protected] | 7.5 | 0.25% | 2018-08-30 | 2024-11-21 |
| CVE-2018-9027 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | [email protected] | 6.1 | 0.24% | 2018-06-18 | 2024-11-21 |
| CVE-2018-6589 | CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | [email protected] | 7.5 | 0.60% | 2018-05-01 | 2024-11-21 |
| CVE-2018-8954 | CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | [email protected] | 9.8 | 4.74% | 2018-04-11 | 2024-11-21 |
| CVE-2018-8953 | CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform a SQL injection via a crafted HTTP request. | [email protected] | 8.8 | 1.22% | 2018-04-11 | 2024-11-21 |
| CVE-2018-6588 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | [email protected] | 6.1 | 0.23% | 2018-03-29 | 2024-11-21 |
| CVE-2018-6587 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | [email protected] | 6.1 | 0.23% | 2018-03-29 | 2024-11-21 |