
CVE-2018-13821 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13821
30 Aug 2018 — A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabil... • http://www.securityfocus.com/bid/105199 • CWE-287: Improper Authentication •

CVE-2018-13823 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13823
30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. CA Technologies Support is alerting customers to multiple potential risks with CA PPM... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2018-13824 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13824
30 Aug 2018 — Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PP... • http://www.securityfocus.com/bid/105297 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2018-13825 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13825
30 Aug 2018 — Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. CA Technologies Support is alerti... • http://www.securityfocus.com/bid/105297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-13826 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13826
30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. CA Technologies Support is alerting custo... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2018-9027 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9027
15 Jun 2018 — A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilitie... • http://www.securityfocus.com/bid/104496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-6589 – CA Spectrum 10.1.x / 10.2.x Denial of Service
https://notcve.org/view.php?id=CVE-2018-6589
01 May 2018 — CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker t... • https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html • CWE-20: Improper Input Validation •

CVE-2018-8953 – CA Workload Automation AE / CA Workload Control Center SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2018-8953
30 Mar 2018 — CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform a SQL injection via a crafted HTTP request. CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attac... • http://www.securityfocus.com/bid/103742 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2018-8954 – CA Workload Automation AE / CA Workload Control Center SQL Injection / Code Execution
https://notcve.org/view.php?id=CVE-2018-8954
30 Mar 2018 — CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attacks ... • http://www.securityfocus.com/bid/103742 • CWE-20: Improper Input Validation •

CVE-2018-6586 – CA API Developer Portal Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6586
29 Mar 2018 — CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site ... • http://www.securitytracker.com/id/1040603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •