CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13823
https://notcve.org/view.php?id=CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos accedan a información sensible. • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13822
https://notcve.org/view.php?id=CVE-2018-13822
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. El almacenamiento no seguro de credenciales en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes accedan a información sensible. • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13824
https://notcve.org/view.php?id=CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. El saneamieno insuficiente de entradas de dos parámetros en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos ejecuten ataques de inyección SQL. • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13825
https://notcve.org/view.php?id=CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. La validación insuficiente de entradas en la funcionalidad gridExcelExport en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos ejecuten ataques de Cross-Site Scripting (XSS) reflejado. • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13826
https://notcve.org/view.php?id=CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos lleven a cabo ataques de Server-Side Request Forgery (SSRF). • http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html • CWE-611: Improper Restriction of XML External Entity Reference •