VYPR

Ehealth Performance Manager

by Ca

CVEs (6)

  • CVE-2021-28249HigMar 26, 2021
    risk 0.57cvss 8.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the…

  • CVE-2021-28250HigMar 26, 2021
    risk 0.51cvss 7.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only…

  • CVE-2021-28246HigMar 26, 2021
    risk 0.51cvss 7.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in…

  • CVE-2021-28248HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a…

  • CVE-2021-28247MedMar 26, 2021
    risk 0.35cvss 5.4epss 0.01

    CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting…

  • CVE-2010-0640Feb 24, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.