Vendor CVEs
CA Technologies, A Broadcom Company
All CVEs
28 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5803 | | High | 0.56 | 8.6 | 0.02 | | Feb 13, 2017 | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such… |
| CVE-2020-8012 | | | 0.10 | — | 0.78 | | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. |
| CVE-2021-44050 | | | 0.00 | — | 0.01 | | Dec 2, 2021 | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. |
| CVE-2020-29478 | | | 0.00 | — | 0.01 | | Jan 5, 2021 | CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition. |
| CVE-2020-28421 | | | 0.00 | — | 0.00 | | Nov 23, 2020 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. |
| CVE-2020-11660 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. |
| CVE-2020-11659 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
| CVE-2020-11658 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. |
| CVE-2020-11663 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11661 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. |
| CVE-2020-11666 | | | 0.00 | — | 0.03 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. |
| CVE-2020-11665 | | | 0.00 | — | 0.02 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11664 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-8011 | | | 0.00 | — | 0.02 | | Feb 18, 2020 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. |
| CVE-2019-19230 | | | 0.00 | — | 0.04 | | Dec 9, 2019 | An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. |
| CVE-2019-13658 | | | 0.00 | — | 0.03 | | Oct 2, 2019 | CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| CVE-2019-7393 | | | 0.00 | — | 0.02 | | May 28, 2019 | A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. |
| CVE-2019-7394 | | | 0.00 | — | 0.03 | | May 28, 2019 | A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in… |
| CVE-2018-14597 | | | 0.00 | — | 0.01 | | Oct 17, 2018 | CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. |
| CVE-2015-3317 | | | 0.00 | — | 0.00 | | Jun 17, 2015 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers… |
| CVE-2015-2827 | | | 0.00 | — | 0.02 | | Apr 8, 2015 | Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8472 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. |
| CVE-2013-2279 | | | 0.00 | — | 0.02 | | Mar 21, 2013 | CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof… |
| CVE-2012-2971 | | | 0.00 | — | 0.04 | | Oct 20, 2012 | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. |
| CVE-2012-0692 | | | 0.00 | — | 0.00 | | Oct 2, 2012 | CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. |
| CVE-2011-4054 | | | 0.00 | — | 0.01 | | Dec 8, 2011 | Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. |
| CVE-2011-1036 | | | 0.00 | — | 0.03 | | Feb 25, 2011 | The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010,… |
| CVE-2010-2157 | | | 0.00 | — | 0.00 | | Jun 7, 2010 | Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors. |