Vendor
Products
103
CVEs
116
Across products
787
Status
Private
Products
103
- 271 CVEs
- 28 CVEs
- 26 CVEs
- 23 CVEs
- 23 CVEs
- 22 CVEs
- 17 CVEs
- 15 CVEs
- 12 CVEs
- 12 CVEs
- 12 CVEs
- 12 CVEs
- 12 CVEs
- 12 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 10 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- + 73 more — see CVE list below for full coverage.
Recent CVEs
116

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9393 | Cri | 0.64 | 9.8 | 0.00 | | Sep 22, 2017 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. |
| CVE-2016-6152 | Hig | 0.57 | 8.8 | 0.01 | | Jul 26, 2016 | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. |
| CVE-2016-6151 | Hig | 0.57 | 8.8 | 0.01 | | Jul 26, 2016 | CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. |
| CVE-2017-8391 | Med | 0.36 | 5.5 | 0.00 | | May 6, 2017 | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. |
| CVE-2017-9394 | Med | 0.35 | 5.4 | 0.00 | | Nov 14, 2017 | A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. |
| CVE-2008-4397 | | 0.10 | — | 0.86 | | Oct 14, 2008 | Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. |
| CVE-2007-5003 | | 0.10 | — | 0.82 | | Oct 1, 2007 | Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function. |
| CVE-2007-2139 | | 0.10 | — | 0.85 | | Apr 25, 2007 | Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. |
| CVE-2006-5143 | | 0.10 | — | 0.85 | | Oct 10, 2006 | Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. |
| CVE-2005-2668 | | 0.10 | — | 0.83 | | Aug 23, 2005 | Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2011-3011 | | 0.09 | — | 0.70 | | Aug 15, 2011 | BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors. |
| CVE-2007-4620 | | 0.09 | — | 0.76 | | Apr 7, 2008 | Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. |
| CVE-2008-1472 | | 0.09 | — | 0.76 | | Mar 24, 2008 | Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method. |
| CVE-2007-2864 | | 0.09 | — | 0.81 | | Jun 6, 2007 | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. |
| CVE-2006-6076 | | 0.09 | — | 0.79 | | Nov 24, 2006 | Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. |
| CVE-2005-1272 | | 0.09 | — | 0.81 | | Aug 5, 2005 | Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050. |
| CVE-2005-1018 | | 0.09 | — | 0.72 | | May 2, 2005 | Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. |
| CVE-2009-4225 | | 0.08 | — | 0.66 | | Dec 8, 2009 | Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method. |
| CVE-2009-0043 | | 0.07 | — | 0.51 | | Jan 8, 2009 | The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2007-1785 | | 0.07 | — | 0.54 | | Mar 31, 2007 | The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request. |