CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 80
«« 先頭 « 前へ 1 / 4 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2017-9393 CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. 9.8 1.68% 2017-09-22 2026-06-16
CVE-2017-9394 A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. 5.4 0.64% 2017-11-14 2026-06-16
CVE-2018-6586 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. 6.1 0.92% 2018-03-29 2026-06-16
CVE-2018-6587 CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. 6.1 0.92% 2018-03-29 2026-06-16
CVE-2018-6588 CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. 6.1 0.92% 2018-03-29 2026-06-16
CVE-2018-8953 CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. 8.8 2.80% 2018-04-11 2026-06-16
CVE-2018-8954 CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. 9.8 7.31% 2018-04-11 2026-06-16
CVE-2018-6589 CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. 7.5 1.73% 2018-05-01 2026-06-16
CVE-2015-4664 An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. 9.8 20.83% 2018-06-18 2026-06-16
CVE-2018-9021 An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. 9.8 19.38% 2018-06-18 2026-06-16
CVE-2018-9022 An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. 9.8 20.39% 2018-06-18 2026-06-16
CVE-2018-9023 An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. 8.8 1.91% 2018-06-18 2026-06-16
CVE-2018-9024 An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. 5.3 1.12% 2018-06-18 2026-06-16
CVE-2018-9025 An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. 7.5 1.41% 2018-06-18 2026-06-16
CVE-2018-9026 A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. 7.5 1.33% 2018-06-18 2026-06-16
CVE-2018-9027 A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. 6.1 0.90% 2018-06-18 2026-06-16
CVE-2018-9028 Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. 7.5 0.91% 2018-06-18 2026-06-16
CVE-2018-9029 An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. 9.8 1.75% 2018-06-18 2026-06-16
CVE-2018-6590 CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. 6.1 0.75% 2018-08-03 2026-06-16
CVE-2018-13819 A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. 7.5 1.38% 2018-08-30 2026-06-16
«« 先頭 « 前へ 1 / 4 次へ »
cvelogic Threat Intelligence