
CVE-2021-28248
https://notcve.org/view.php?id=CVE-2021-28248
26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2021-28246
https://notcve.org/view.php?id=CVE-2021-28246
26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path •

CVE-2016-6151 – CA eHealth Denial of Service / Code Execution
https://notcve.org/view.php?id=CVE-2016-6151
22 Jul 2016 — CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface that can allow a remote authenticated attacker to cau... • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx •

CVE-2016-6152 – CA eHealth Denial of Service / Code Execution
https://notcve.org/view.php?id=CVE-2016-6152
22 Jul 2016 — CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in th... • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx •

CVE-2011-1899
https://notcve.org/view.php?id=CVE-2011-1899
16 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://secunia.com/advisories/44482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •