This page lists publicly disclosed CVE vulnerabilities affecting broadcom project_portfolio_management (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-13826 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | [email protected] | 9.1 | 1.83% | 2018-08-30 | 2026-06-16 |
| CVE-2018-13825 | Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | [email protected] | 6.1 | 0.90% | 2018-08-30 | 2026-06-16 |
| CVE-2018-13824 | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | [email protected] | 9.8 | 1.75% | 2018-08-30 | 2026-06-16 |
| CVE-2018-13823 | An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | [email protected] | 7.5 | 1.88% | 2018-08-30 | 2026-06-16 |
| CVE-2018-13822 | Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | [email protected] | 7.5 | 1.33% | 2018-08-30 | 2026-06-16 |