NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2017-9393 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 9.8 | 1.68% | 2017-09-22 | 2026-06-16 |
| CVE-2017-9394 | A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 5.4 | 0.64% | 2017-11-14 | 2026-06-16 |
| CVE-2018-6586 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2018-6587 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2018-6588 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2018-8953 | CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | 8.8 | 2.80% | 2018-04-11 | 2026-06-16 |
| CVE-2018-8954 | CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | 9.8 | 7.31% | 2018-04-11 | 2026-06-16 |
| CVE-2018-6589 | CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 | 1.73% | 2018-05-01 | 2026-06-16 |
| CVE-2015-4664 | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | 9.8 | 20.83% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9021 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | 9.8 | 19.38% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9022 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | 9.8 | 20.39% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9023 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | 8.8 | 1.91% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9024 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | 5.3 | 1.12% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9025 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | 7.5 | 1.41% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9026 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 7.5 | 1.33% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9027 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 6.1 | 0.90% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9028 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | 7.5 | 0.91% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9029 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | 9.8 | 1.75% | 2018-06-18 | 2026-06-16 |
| CVE-2018-6590 | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | 6.1 | 0.75% | 2018-08-03 | 2026-06-16 |
| CVE-2018-13819 | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 | 1.38% | 2018-08-30 | 2026-06-16 |