CVE-2020-28421
https://notcve.org/view.php?id=CVE-2020-28421
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
http://seclists.org/fulldisclosure/2020/Nov/41
https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565
CVE-2020-8011
https://notcve.org/view.php?id=CVE-2020-8011
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html
CWE-476: NULL Pointer Dereference
CVE-2020-8010 – CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-8010
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
http://packetstormsecurity.com/files/158693/CA-Unified-Infrastructure-Management-Nimsoft-7.80-Buffer-Overflow.html
https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html
CVE-2020-8012 – CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-8012
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
https://www.exploit-db.com/exploits/48156
http://packetstormsecurity.com/files/156577/Nimsoft-nimcontroller-7.80-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158693/CA-Unified-Infrastructure-Management-Nimsoft-7.80-Buffer-Overflow.html
https://support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-ma
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-13821
https://notcve.org/view.php?id=CVE-2018-13821
A lack of authentication in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7 allows remote attackers to conduct a variety of attacks, including file reading/writing.
http://www.securityfocus.com/bid/105199
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html
CWE-287: Improper Authentication