VYPR

Vendor: Ca

Products: 160
CVEs: 260
Across products: 276
Status: Private

Recent CVEs

  • CVE-2018-15691 | Cri | Aug 30, 2018
    risk 0.68 | cvss 9.8 | epss 0.17

    Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.

  • CVE-2018-9021 | Cri | Jun 18, 2018
    risk 0.68 | cvss 9.8 | epss 0.19

    An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

  • CVE-2015-4664 | Cri | Jun 18, 2018
    risk 0.68 | cvss 9.8 | epss 0.21

    An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

  • CVE-2024-48204 | Cri | Oct 25, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.

  • CVE-2018-13824 | Cri | Aug 30, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

  • CVE-2018-13821 | Cri | Aug 30, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.

  • CVE-2017-9393 | Cri | Sep 22, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

  • CVE-2018-13826 | Cri | Aug 30, 2018
    risk 0.59 | cvss 9.1 | epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.

  • CVE-2015-6854 | Cri | Mar 24, 2016
    risk 0.59 | cvss 9.1 | epss 0.01

    The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

  • CVE-2015-6853 | Cri | Mar 24, 2016
    risk 0.59 | cvss 9.1 | epss 0.01

    The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive…

  • CVE-2018-8953 | Hig | Apr 11, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform a SQL injection via a crafted HTTP request.

  • CVE-2016-6152 | Hig | Jul 26, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

  • CVE-2016-6151 | Hig | Jul 26, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

  • CVE-2016-5803 | Hig | Feb 13, 2017
    risk 0.56 | cvss 8.6 | epss 0.02

    An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such…

  • CVE-2016-10086 | Hig | Jan 18, 2017
    risk 0.53 | cvss 8.1 | epss 0.02

    RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

  • CVE-2016-9795 | Hig | Jan 27, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers…

  • CVE-2018-13823 | Hig | Aug 30, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.

  • CVE-2018-13822 | Hig | Aug 30, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.

  • CVE-2018-13820 | Hig | Aug 30, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.

  • CVE-2018-13819 | Hig | Aug 30, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.