1 results (0.002 seconds)

CVSS: 8.6EPSS: 25%CPEs: 1EXPL: 0

CVE-2016-5803 – CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-5803

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. El software Unified Infrastructure Management utiliza entrada externa para construir un nombre de ruta que debería estar dentro de un directorio restringido, pero no neutraliza adecuadamente secuencias como ".." que puede resolver a una ubicación que está fuera de ese directorio. This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. • http://www.securityfocus.com/bid/94243 https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •