CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28421 – CA Unified Infrastructure Management Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-28421
21 Nov 2020 — CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. CA Unified Infrastructure Management versiones 20.1 y anteriores, contienen una vulnerabilidad en el componente robot (controller) que permite a atacantes locales escalar privilegios CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Unified Infrastructure Management. A vulnerability exists that can allow a loca... • http://seclists.org/fulldisclosure/2020/Nov/41 •
CVSS: 9.8EPSS: 80%CPEs: 3EXPL: 6CVE-2020-8012 – CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-8012
14 Feb 2020 — CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, y 9.20 e inferiores contienen una vulnerabilidad de desbordamiento de búfer en el componente robot (controlador). Un atacante remoto puede ejecutar código arbitrario CA Technologies, A Broadcom Company, is alerting customers to three vulne... • https://packetstorm.news/files/id/156577 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 80%CPEs: 3EXPL: 2CVE-2020-8010 – CA Unified Infrastructure Management Command Execution
https://notcve.org/view.php?id=CVE-2020-8010
14 Feb 2020 — CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, y 9.20 y posteriores contienen una vulnerabilidad de manejo de ACL inadecuada en el componente robot (controlador). Un atacante remoto puede ejecutar comandos, leer o escribir en el sistema de des... • https://packetstorm.news/files/id/158693 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2020-8011 – CA Unified Infrastructure Management Command Execution
https://notcve.org/view.php?id=CVE-2020-8011
14 Feb 2020 — CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x y 9.20 y posteriores contienen una vulnerabilidad de desviación de puntero nulo en el componente robot (controlador). Un atacante remoto puede bloquear el servicio del controlador CA Technologies, A Broadcom Company, is alert... • https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13819 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13819
30 Aug 2018 — A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una clave secreta embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is runnin... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-13820 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13820
30 Aug 2018 — A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Una frase de contraseña embebida en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes accedan a información sensible. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is ... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 0CVE-2018-13821 – CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
https://notcve.org/view.php?id=CVE-2018-13821
30 Aug 2018 — A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. La falta de autenticación en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes remotos lleven a cabo una serie de ataques, incluida la lectura/escritura de archivos. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabil... • http://www.securityfocus.com/bid/105199 • CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 5%CPEs: 1EXPL: 0CVE-2016-5803 – CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5803
09 Nov 2016 — An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utili... • http://www.securityfocus.com/bid/94243 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9165 – CA Unified Infrastructure Management get_sessions Session Information Disclosure Remote Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-9165
09 Nov 2016 — The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. El servlet get_sessions en CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) en versiones anteriores a 8.5 y CA Unified Infrastructure Management Snap (formerly CA Nimsoft ... • http://www.securityfocus.com/bid/94257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •