CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-19231
https://notcve.org/view.php?id=CVE-2019-19231
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. Se presenta una vulnerabilidad de acceso a archivo no seguro en CA Client Automation versiones 14.0, 14.1, 14.2 y 14.3, Agent para Windows lo que puede permitir a un atacante local alcanzar privilegios escalados. • https://github.com/hessandrew/CVE-2019-19231 http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Jan/5 https://seclists.org/bugtraq/2019/Dec/41 https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html • CWE-65: Windows Hard Link •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2019-13656
https://notcve.org/view.php?id=CVE-2019-13656
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. Una vulnerabilidad de acceso en CA Common Services DIA de CA Technologies Client Automation versión 14 y Workload Automation AE versiones 11.3.5, 11.3.6, permite a un atacante remoto ejecutar código arbitrario. • http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html http://seclists.org/fulldisclosure/2019/Sep/15 https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html https://seclists.org/bugtraq/2019/Sep/14 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2016-9795
https://notcve.org/view.php?id=CVE-2016-9795
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. El programa casrvc en CA Common Services, tal como se usa en CA Client Automation 12.8, 12.9, y 14.0; CA SystemEDGE 5.8.2 y 5.9; CA Systems Performance for Infrastructure Managers 12.8 y 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 y 12.9; CA Workload Automation AE 11, 11.3, 11.3.5 y 11.3.6 en AIX, HP-UX, Linux y Solaris permite a usuarios locales modificar archivos arbitrarios y consecuentemente obtener privilegios de root a través de vectores relacionados con validación insuficiente. • http://www.securityfocus.com/archive/1/540062/100/0/threaded http://www.securityfocus.com/bid/95819 http://www.securitytracker.com/id/1037730 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3316
https://notcve.org/view.php?id=CVE-2015-3316
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. CA Common Services, utilizado en CA Client Automation r12.5 SP01, r12.8, y r12.9; CA Network and Systems Management r11.0, r11.1, y r11.2; CA NSM Job Management Option r11.0, r11.1, y r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (también conocido como SystemEDGE) 12.6, 12.7, 12.8, y 12.9; y CA Workload Automation AE r11, r11.3, r11.3.5, y r11.3.6 en UNIX, permite a usuarios locales ganar privilegios a través de una variable de entorno no especificada. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx http://www.securityfocus.com/bid/75033 http://www.securitytracker.com/id/1032512 http://www.securitytracker.com/id/1032513 •