CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13822 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13822
30 Aug 2018 — Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. El almacenamiento no seguro de credenciales en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities exist that can all... • http://www.securityfocus.com/bid/105297 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13823 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13823
30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA PPM... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13824 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13824
30 Aug 2018 — Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. El saneamieno insuficiente de entradas de dos parámetros en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos ejecuten ataques de inyección SQL. CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PP... • http://www.securityfocus.com/bid/105297 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13825 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13825
30 Aug 2018 — Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. La validación insuficiente de entradas en la funcionalidad gridExcelExport en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos ejecuten ataques de Cross-Site Scripting (XSS) reflejado. CA Technologies Support is alerti... • http://www.securityfocus.com/bid/105297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13826 – CA PPM Password Storage / SQL Injection / XML Injection
https://notcve.org/view.php?id=CVE-2018-13826
30 Aug 2018 — An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. Una vulnerabilidad de XEE (XML External Entity) en la funcionalidad XOG de CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos lleven a cabo ataques de Server-Side Request Forgery (SSRF). CA Technologies Support is alerting custo... • http://www.securityfocus.com/bid/105297 • CWE-611: Improper Restriction of XML External Entity Reference •