CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28248
https://notcve.org/view.php?id=CVE-2021-28248
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer CA eHealth Performance Manager versiones hasta 6.3.2.12, está afectado por la Restricción Inapropiada de Intentos de Autenticación Excesivos. Un atacante puede ser capaz de llevar a cabo una cantidad arbitrario de intentos de autenticación /web/frames/ usando diferentes contraseñas y, finalmente, conseguir acceso a una cuenta de destino. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles por el mantenedor. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28246
https://notcve.org/view.php?id=CVE-2021-28246
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer CA eHealth Performance Manager versiones hasta 6.3.2.12, está afectado por una Escalada de Privilegios por medio de una Dynamically Linked Shared Object Library. Un usuario normal debe crear una biblioteca maliciosa en el RPATH escribible, que se vinculará dinámicamente cuando se ejecutar el ejecutable emtgtctl2. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6151
https://notcve.org/view.php?id=CVE-2016-6151
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. CA eHealth 6.2.x permite a usuarios remotos autenticados provocar una denegación de servicio o posiblemente ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx http://www.securityfocus.com/bid/92107 http://www.securitytracker.com/id/1036433 •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6152
https://notcve.org/view.php?id=CVE-2016-6152
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. CA eHealth 6.2.x y 6.3.x en versiones anteriores a 6.3.2.13 permite a usuarios remotos autenticados provocar una denegación de servicio o posiblemente ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160721-01-security-notice-for-ca-ehealth.aspx http://www.securityfocus.com/bid/92107 http://www.securitytracker.com/id/1036433 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-1899
https://notcve.org/view.php?id=CVE-2011-1899
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en CA eHealth v6.0.x, v6.1.x, v6.2.1 y v6.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetros no especificados. • http://secunia.com/advisories/44482 http://securityreason.com/securityalert/8252 http://securitytracker.com/id?1025518 http://www.securityfocus.com/archive/1/517956/100/0/threaded http://www.securityfocus.com/bid/47795 https://exchange.xforce.ibmcloud.com/vulnerabilities/67389 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5662845D-4CD7-4CE6-8829-4F07A4C67366%7D • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •