CVE-2018-8953
https://notcve.org/view.php?id=CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. CA Workload Automation AE en versiones anteriores a la r11.3.6 SP7 permite que los atacantes remotos realicen una inyección SQL mediante una petición HTTP manipulada. • http://www.securityfocus.com/bid/103742 http://www.securitytracker.com/id/1040605 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180329-01--security-notice-for-ca-workload-automation-ae.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-3317
https://notcve.org/view.php?id=CVE-2015-3317
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors. CA Common Services, utilizado en CA Client Automation r12.5 SP01, r12.8, y r12.9; CA Network and Systems Management r11.0, r11.1, y r11.2; CA NSM Job Management Option r11.0, r11.1, y r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (también conocido como SystemEDGE) 12.6, 12.7, 12.8, y 12.9; y CA Workload Automation AE r11, r11.3, r11.3.5, y r11.3.6 en UNIX, no realiza correctamente la comprobación de límites, lo que permite a usuarios locales ganar privilegios a través de vectores no especificados. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx http://www.securityfocus.com/bid/75033 http://www.securitytracker.com/id/1032512 http://www.securitytracker.com/id/1032513 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3316
https://notcve.org/view.php?id=CVE-2015-3316
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable. CA Common Services, utilizado en CA Client Automation r12.5 SP01, r12.8, y r12.9; CA Network and Systems Management r11.0, r11.1, y r11.2; CA NSM Job Management Option r11.0, r11.1, y r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (también conocido como SystemEDGE) 12.6, 12.7, 12.8, y 12.9; y CA Workload Automation AE r11, r11.3, r11.3.5, y r11.3.6 en UNIX, permite a usuarios locales ganar privilegios a través de una variable de entorno no especificada. • http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx http://www.securityfocus.com/bid/75033 http://www.securitytracker.com/id/1032512 http://www.securitytracker.com/id/1032513 •