3 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. Se presenta una vulnerabilidad de acceso a archivo no seguro en CA Client Automation versiones 14.0, 14.1, 14.2 y 14.3, Agent para Windows lo que puede permitir a un atacante local alcanzar privilegios escalados. • https://github.com/hessandrew/CVE-2019-19231 http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Jan/5 https://seclists.org/bugtraq/2019/Dec/41 https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html • CWE-65: Windows Hard Link •

CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0

An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. Una vulnerabilidad de acceso en CA Common Services DIA de CA Technologies Client Automation versión 14 y Workload Automation AE versiones 11.3.5, 11.3.6, permite a un atacante remoto ejecutar código arbitrario. • http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html http://seclists.org/fulldisclosure/2019/Sep/15 https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html https://seclists.org/bugtraq/2019/Sep/14 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. El programa casrvc en CA Common Services, tal como se usa en CA Client Automation 12.8, 12.9, y 14.0; CA SystemEDGE 5.8.2 y 5.9; CA Systems Performance for Infrastructure Managers 12.8 y 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 y 12.9; CA Workload Automation AE 11, 11.3, 11.3.5 y 11.3.6 en AIX, HP-UX, Linux y Solaris permite a usuarios locales modificar archivos arbitrarios y consecuentemente obtener privilegios de root a través de vectores relacionados con validación insuficiente. • http://www.securityfocus.com/archive/1/540062/100/0/threaded http://www.securityfocus.com/bid/95819 http://www.securitytracker.com/id/1037730 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html • CWE-20: Improper Input Validation •