VYPR

Vendor CVEs

Ca

All CVEs

260 total · sorted by risk
  • CVE-2018-15691 · Critical · Aug 30, 2018
    risk 0.68 · cvss 9.8 · epss 0.17

    Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.

  • CVE-2018-9021 · Critical · Jun 18, 2018
    risk 0.68 · cvss 9.8 · epss 0.19

    An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

  • CVE-2015-4664 · Critical · Jun 18, 2018
    risk 0.68 · cvss 9.8 · epss 0.21

    An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

  • CVE-2024-48204 · Critical · Oct 25, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.

  • CVE-2018-13824 · Critical · Aug 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

  • CVE-2018-13821 · Critical · Aug 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.

  • CVE-2017-9393 · Critical · Sep 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

  • CVE-2018-13826 · Critical · Aug 30, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.

  • CVE-2015-6854 · Critical · Mar 24, 2016
    risk 0.59 · cvss 9.1 · epss 0.01

    The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

  • CVE-2015-6853 · Critical · Mar 24, 2016
    risk 0.59 · cvss 9.1 · epss 0.01

    The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive…

  • CVE-2018-8953 · High · Apr 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform a SQL injection via a crafted HTTP request.

  • CVE-2016-6152 · High · Jul 26, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

  • CVE-2016-6151 · High · Jul 26, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

  • CVE-2016-5803 · High · Feb 13, 2017
    risk 0.56 · cvss 8.6 · epss 0.02

    An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such…

  • CVE-2016-10086 · High · Jan 18, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

  • CVE-2016-9795 · High · Jan 27, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers…

  • CVE-2018-13823 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.

  • CVE-2018-13822 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.

  • CVE-2018-13820 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.

  • CVE-2018-13819 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.

  • CVE-2018-6589 · High · May 1, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2016-9165 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication…

  • CVE-2016-9164 · High · Mar 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via…

  • CVE-2015-8698 · High · Jun 29, 2016
    risk 0.46 · cvss 7.1 · epss 0.01

    CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external…

  • CVE-2016-3118 · Medium · Apr 6, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.

  • CVE-2018-13825 · Medium · Aug 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.

  • CVE-2018-6590 · Medium · Aug 3, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.

  • CVE-2018-6588 · Medium · Mar 29, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.

  • CVE-2018-6587 · Medium · Mar 29, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.

  • CVE-2018-6586 · Medium · Mar 29, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.

  • CVE-2016-9148 · Medium · Mar 7, 2017
    risk 0.40 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.

  • CVE-2015-8699 · Medium · Jun 29, 2016
    risk 0.40 · cvss 6.1 · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via…

  • CVE-2017-8391 · Medium · May 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after…

  • CVE-2017-9394 · Medium · Nov 14, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.

  • CVE-2018-7673 · Medium · Mar 26, 2018
    risk 0.33 · cvss 5.1 · epss 0.01

    The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.

  • CVE-2018-7676 · Low · Mar 28, 2018
    risk 0.25 · cvss 3.9 · epss 0.01

    The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

  • CVE-2011-1653 · Apr 18, 2011
    risk 0.10 · cvss · epss 0.89

    Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter,…

  • CVE-2010-0219 · Oct 18, 2010
    risk 0.10 · cvss · epss 0.90

    Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web…

  • CVE-2011-3011 · Aug 15, 2011
    risk 0.09 · cvss · epss 0.72

    BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.

  • CVE-2008-4397 · Oct 14, 2008
    risk 0.09 · cvss · epss 0.81

    Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

  • CVE-2007-2139 · Apr 25, 2007
    risk 0.09 · cvss · epss 0.78

    Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection…

  • CVE-2007-0449 · Jan 23, 2007
    risk 0.09 · cvss · epss 0.79

    Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute…

  • CVE-2007-0169 · Jan 11, 2007
    risk 0.09 · cvss · epss 0.69

    Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2)…

  • CVE-2006-6076 · Nov 24, 2006
    risk 0.09 · cvss · epss 0.70

    Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.

  • CVE-2006-5143 · Oct 10, 2006
    risk 0.09 · cvss · epss 0.78

    Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute…

  • CVE-2005-2668 · Aug 23, 2005
    risk 0.09 · cvss · epss 0.75

    Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2005-2535 · Aug 10, 2005
    risk 0.09 · cvss · epss 0.81

    Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

  • CVE-2005-0260 · May 2, 2005
    risk 0.09 · cvss · epss 0.70

    Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.

  • CVE-2012-1453 · Mar 21, 2012
    risk 0.08 · cvss · epss 0.98

    The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus…

  • CVE-2012-1446 · Mar 21, 2012
    risk 0.08 · cvss · epss 1.00

    The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher)…

Page 1 of 6