
CVSS: 9.8 • EPSS: 5% • CPEs: 3 • EXPL: 0

30 Aug 2018 — A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabil... • http://www.securityfocus.com/bid/105199 • CWE-287: Improper Authentication

CVSS: 9.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. CA Technologies Support is alerting custo... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2018 — Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PP... • http://www.securityfocus.com/bid/105297 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Aug 2018 — A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is runnin... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. CA Technologies Support is alerting customers to multiple potential risks with CA PPM... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jun 2018 — A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilitie... • http://www.securityfocus.com/bid/104496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

01 May 2018 — CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker t... • https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 14% • CPEs: 6 • EXPL: 0

30 Mar 2018 — CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attacks ... • http://www.securityfocus.com/bid/103742 • CWE-20: Improper Input Validation

CVSS: 8.8 • EPSS: 2% • CPEs: 7 • EXPL: 0

30 Mar 2018 — CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform SQL injection via a crafted HTTP request. CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attac... • http://www.securityfocus.com/bid/103742 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

29 Mar 2018 — CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks. • http://www.securitytracker.com/id/1040603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')