
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://secunia.com/advisories/44482 http://securityreason.com/securityalert/8252 http://securitytracker.com/id?1025518 http://www.securityfocus.com/archive/1/517956/100/0/threaded http://www.securityfocus.com/bid/47795 https://exchange.xforce.ibmcloud.com/vulnerabilities/67389 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5662845D-4CD7-4CE6-8829-4F07A4C67366%7D • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. • http://seclists.org/fulldisclosure/2010/Feb/415 http://www.securityfocus.com/archive/1/509714/100/0/threaded http://www.securityfocus.com/bid/38376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')