CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28421
https://notcve.org/view.php?id=CVE-2020-28421
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. CA Unified Infrastructure Management versiones 20.1 y anteriores, contienen una vulnerabilidad en el componente robot (controller) que permite a atacantes locales escalar privilegios • http://seclists.org/fulldisclosure/2020/Nov/41 https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565 •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 1CVE-2020-8010 – CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-8010
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, y 9.20 y posteriores contienen una vulnerabilidad de manejo de ACL inadecuada en el componente robot (controlador). Un atacante remoto puede ejecutar comandos, leer o escribir en el sistema de destino • http://packetstormsecurity.com/files/158693/CA-Unified-Infrastructure-Management-Nimsoft-7.80-Buffer-Overflow.html https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832 https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8011
https://notcve.org/view.php?id=CVE-2020-8011
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x y 9.20 y posteriores contienen una vulnerabilidad de desviación de puntero nulo en el componente robot (controlador). Un atacante remoto puede bloquear el servicio del controlador • https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832 https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 53%CPEs: 3EXPL: 3CVE-2020-8012 – CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-8012
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, y 9.20 e inferiores contienen una vulnerabilidad de desbordamiento de búfer en el componente robot (controlador). Un atacante remoto puede ejecutar código arbitrario Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability. • https://www.exploit-db.com/exploits/48156 http://packetstormsecurity.com/files/156577/Nimsoft-nimcontroller-7.80-Remote-Code-Execution.html http://packetstormsecurity.com/files/158693/CA-Unified-Infrastructure-Management-Nimsoft-7.80-Buffer-Overflow.html https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832 https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-ma • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13820
https://notcve.org/view.php?id=CVE-2018-13820
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una frase de contraseña embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-798: Use of Hard-coded Credentials •