CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13819 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13819
30 Aug 2018 — A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una clave secreta embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is runnin... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13820 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13820
30 Aug 2018 — A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una frase de contraseña embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is ... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 0CVE-2018-13821 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13821
30 Aug 2018 — A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. La falta de autenticación en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes remotos lleven a cabo una serie de ataques, incluida la lectura/escritura de archivos. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabil... • http://www.securityfocus.com/bid/105199 • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 5%CPEs: 1EXPL: 0CVE-2016-5803 – CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5803
09 Nov 2016 — An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utili... • http://www.securityfocus.com/bid/94243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2016-9164 – CA Unified Infrastructure Management diag Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-9164
09 Nov 2016 — Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el archivo diag.jsp en CA Unified Infrastructure Management (anteriormente CA Nimsoft Monitor) 8.4 SP1 y versiones anteriores y CA Unified Infrastructure Management Snap (anter... • http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9165 – CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-9165
09 Nov 2016 — The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. El servlet get_sessions en CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) en versiones anteriores a 8.5 y CA Unified Infrastructure Management Snap (formerly CA Nimsoft ... • http://www.securityfocus.com/bid/94257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •