CVE-2018-9027
https://notcve.org/view.php?id=CVE-2018-9027
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
• http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6589
https://notcve.org/view.php?id=CVE-2018-6589
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
• https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180501-01--security-notice-for-ca-spectrum.html
• CWE-20: Improper Input Validation
CVE-2018-8954
https://notcve.org/view.php?id=CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
• http://www.securityfocus.com/bid/103742 http://www.securitytracker.com/id/1040605 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html
• CWE-20: Improper Input Validation
CVE-2018-8953
https://notcve.org/view.php?id=CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform SQL injection via a crafted HTTP request.
• http://www.securityfocus.com/bid/103742 http://www.securitytracker.com/id/1040605 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-6587
https://notcve.org/view.php?id=CVE-2018-6587
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
• http://www.securitytracker.com/id/1040603 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')