
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-269: Improper Privilege Management

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and ... • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Feb 2010 — Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. • http://seclists.org/fulldisclosure/2010/Feb/415 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')