
CVE-2024-38499 – Improper Privilege Management Vulnerability in CA Client Automation 14.5
https://notcve.org/view.php?id=CVE-2024-38499
17 Dec 2024 — CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non-admin user to access the critical encryption keys, which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. The desktop and server management solution Broadcom CA DSM stores some configuration data of its agent component locally on managed systems in encrypted form. The ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •

CVE-2019-19231 – CA Client Automation 14.x Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19231
20 Dec 2019 — An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published s... • https://github.com/hessandrew/CVE-2019-19231 • CWE-65: Windows Hard Link •

CVE-2019-13656 – CA Common Services Distributed Intelligence Architecture (DIA) Code Execution
https://notcve.org/view.php?id=CVE-2019-13656
06 Sep 2019 — An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Common Services in the Distrib... • http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html • CWE-284: Improper Access Control •

CVE-2016-9795 – CA Common Services casrvc Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9795
27 Jan 2017 — The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validatio... • https://github.com/blogresponder/CA-Common-Services-privilege-escalation-cve-2016-9795-revisited • CWE-20: Improper Input Validation •