CVSS: 6.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

29 Mar 2018 — CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks. • http://www.securitytracker.com/id/1040603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

29 Mar 2018 — CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks. • http://www.securitytracker.com/id/1040603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Nov 2017 — A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/bid/101849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 13 | EXPL: 0

22 Sep 2017 — CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. • http://www.securityfocus.com/bid/100956 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

06 May 2017 — The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. • http://www.securityfocus.com/bid/98344 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.8 | EPSS: 0% | CPEs: 18 | EXPL: 1

27 Jan 2017 — The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validatio... • https://github.com/blogresponder/CA-Common-Services-privilege-escalation-cve-2016-9795-revisited • CWE-20: Improper Input Validation

CVSS: 8.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

13 Jan 2017 — RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. CA Technologies support is alerting custo... • http://www.securityfocus.com/bid/95366 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

10 Nov 2016 — Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager... • http://packetstormsecurity.com/files/139660/CA-Service-Desk-Manaager-12.9-14.1-Code-Execution.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.6 | EPSS: 5% | CPEs: 1 | EXPL: 0

09 Nov 2016 — An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. • http://www.securityfocus.com/bid/94243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

09 Nov 2016 — Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. • http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')