CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-7394
https://notcve.org/view.php?id=CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. Vulnerabilidad de escalado de privilegios en la interfaz de usuario administrativa de CA Technologies CA Strong Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 7.1. x y CA Risk Authentication 9.0. x, 8.2. x, 8.1. x, 8.0. x, 3.1. x permite que un atacante autenticado gane privilegios adicionales en algunos casos donde una cuenta tiene privilegios personalizados y limitados. • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/May/43 http://www.securityfocus.com/bid/108483 https://seclists.org/bugtraq/2019/May/66 https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19634
https://notcve.org/view.php?id=CVE-2018-19634
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. CA Service Desk Manager, en sus versiones 14.1 y 17, contiene una vulnerabilidad que puede permitir a un actor malicioso acceder a la información de las encuestas. • http://www.securityfocus.com/bid/106689 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19635
https://notcve.org/view.php?id=CVE-2018-19635
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. CA Service Desk Manager, en sus versiones 14.1 y 17, contiene una vulnerabilidad que puede permitir a un actor malicioso escalar privilegios en la interfaz del usuario. • http://www.securityfocus.com/bid/106689 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20190117-01-security-notice-for-ca-service-desk-manager.html • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13820
https://notcve.org/view.php?id=CVE-2018-13820
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una frase de contraseña embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13823
https://notcve.org/view.php?id=CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos accedan a información sensible. • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-611: Improper Restriction of XML External Entity Reference •