CVE-2018-6586
https://notcve.org/view.php?id=CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
http://www.securitytracker.com/id/1040603
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6587
https://notcve.org/view.php?id=CVE-2018-6587
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
http://www.securitytracker.com/id/1040603
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9394
https://notcve.org/view.php?id=CVE-2017-9394
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
http://www.securityfocus.com/bid/101849
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9393
https://notcve.org/view.php?id=CVE-2017-9393
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
http://www.securityfocus.com/bid/100956
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8391
https://notcve.org/view.php?id=CVE-2017-8391
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
http://www.securityfocus.com/bid/98344
http://www.securitytracker.com/id/1038410
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html
CWE-732: Incorrect Permission Assignment for Critical Resource