CVE-2019-7394
https://notcve.org/view.php?id=CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. Vulnerabilidad de escalado de privilegios en la interfaz de usuario administrativa de CA Technologies CA Strong Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 7.1. x y CA Risk Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 3.1. x permite que un atacante autenticado gane privilegios adicionales en algunos casos donde una cuenta tiene privilegios personalizados y limitados. • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/May/43 http://www.securityfocus.com/bid/108483 https://seclists.org/bugtraq/2019/May/66 https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html • CWE-269: Improper Privilege Management •
CVE-2019-7393
https://notcve.org/view.php?id=CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. Una vulnerabilidad de reparación de IU en la interfaz de usuario administrativa de CA Technologies CA Strong Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 7.1. x y CA Risk Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 3.1. x puede permitir a un atacante remoto obtener información confidencial en algunos casos • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/May/43 http://www.securityfocus.com/bid/108483 https://seclists.org/bugtraq/2019/May/66 https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •