VYPR

PPM

by Ca

CVEs (4)

  • CVE-2018-13824CriAug 30, 2018
    risk 0.64cvss 9.8epss 0.02

    Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

  • CVE-2018-13823HigAug 30, 2018
    risk 0.49cvss 7.5epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.

  • CVE-2018-13822HigAug 30, 2018
    risk 0.49cvss 7.5epss 0.01

    Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.

  • CVE-2018-13825MedAug 30, 2018
    risk 0.40cvss 6.1epss 0.01

    Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.