CA Technologies, a Broadcom Company
Recent CVEs (28)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5803 | | Hig | 0.56 | 8.6 | 0.02 | | Feb 13, 2017 | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such… |
| CVE-2020-8012 | | | 0.10 | — | 0.78 | | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. |
| CVE-2021-44050 | | | 0.00 | — | 0.01 | | Dec 2, 2021 | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. |
| CVE-2020-29478 | | | 0.00 | — | 0.01 | | Jan 5, 2021 | CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition. |
| CVE-2020-28421 | | | 0.00 | — | 0.00 | | Nov 23, 2020 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. |
| CVE-2020-11660 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. |
| CVE-2020-11659 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
| CVE-2020-11658 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. |
| CVE-2020-11663 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11661 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. |
| CVE-2020-11666 | | | 0.00 | — | 0.03 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. |
| CVE-2020-11665 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11664 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-8011 | | | 0.00 | — | 0.02 | | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. |
| CVE-2019-19230 | | | 0.00 | — | 0.04 | | Dec 9, 2019 | An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. |
| CVE-2019-13658 | | | 0.00 | — | 0.03 | | Oct 2, 2019 | CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| CVE-2019-7393 | | | 0.00 | — | 0.02 | | May 28, 2019 | A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. |
| CVE-2019-7394 | | | 0.00 | — | 0.03 | | May 28, 2019 | A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in… |
| CVE-2018-14597 | | | 0.00 | — | 0.01 | | Oct 17, 2018 | CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. |
| CVE-2015-3317 | | | 0.00 | — | 0.00 | | Jun 17, 2015 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers… |