CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13819
https://notcve.org/view.php?id=CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una clave secreta embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13821
https://notcve.org/view.php?id=CVE-2018-13821
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. La falta de autenticación en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes remotos lleven a cabo una serie de ataques, incluida la lectura/escritura de archivos. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 25%CPEs: 1EXPL: 0CVE-2016-5803 – CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5803
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utiliza entrada externa para construir un nombre de ruta que debería estar dentro de un directorio restringido, pero no neutraliza adecuadamente secuencias como ".." que puede resolver a una ubicación que está fuera de ese directorio. This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. • http://www.securityfocus.com/bid/94243 https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2016-9165 – CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-9165
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. El servlet get_sessions en CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) en versiones anteriores a 8.5 y CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) permite a atacantes remotos tener ids sesion activa y en consecuencia evitar la autenticación o obtener privilegios a través de vectores no especificados. This vulnerability allows remote attackers to disclose session information on vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the get_sessions servlet. The servlet can return the session IDs for all active sessions. • http://www.securityfocus.com/bid/94257 http://www.zerodayinitiative.com/advisories/ZDI-16-606 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2016-9164 – CA Unified Infrastructure Management diag Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-9164
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el archivo diag.jsp en CA Unified Infrastructure Management (anteriormente CA Nimsoft Monitor) 8.4 SP1 y versiones anteriores y CA Unified Infrastructure Management Snap (anteriormente CA Nimsoft Monitor Snap) permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the diag.jsp servlet. The servlet is vulnerable to directory traversal and can be used to exfiltrate sensitive system files from the system. • http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html http://seclists.org/fulldisclosure/2016/Nov/55 http://www.securityfocus.com/bid/94257 http://www.zerodayinitiative.com/advisories/ZDI-16-607 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •