Page 2 of 10 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una frase de contraseña embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una clave secreta embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el archivo diag.jsp en CA Unified Infrastructure Management (anteriormente CA Nimsoft Monitor) 8.4 SP1 y versiones anteriores y CA Unified Infrastructure Management Snap (anteriormente CA Nimsoft Monitor Snap) permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the diag.jsp servlet. The servlet is vulnerable to directory traversal and can be used to exfiltrate sensitive system files from the system. • http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html http://seclists.org/fulldisclosure/2016/Nov/55 http://www.securityfocus.com/bid/94257 http://www.zerodayinitiative.com/advisories/ZDI-16-607 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. El servlet get_sessions en CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) en versiones anteriores a 8.5 y CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) permite a atacantes remotos tener ids sesion activa y en consecuencia evitar la autenticación o obtener privilegios a través de vectores no especificados. This vulnerability allows remote attackers to disclose session information on vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the get_sessions servlet. The servlet can return the session IDs for all active sessions. • http://www.securityfocus.com/bid/94257 http://www.zerodayinitiative.com/advisories/ZDI-16-606 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.6EPSS: 25%CPEs: 1EXPL: 0

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utiliza entrada externa para construir un nombre de ruta que debería estar dentro de un directorio restringido, pero no neutraliza adecuadamente secuencias como ".." que puede resolver a una ubicación que está fuera de ese directorio. This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. • http://www.securityfocus.com/bid/94243 https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •