CVE-2018-13821
CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
La falta de autenticación en CA Unified Infrastructure Management 8.5.1, 8.5 y 8.4.7 permite que los atacantes remotos lleven a cabo una serie de ataques, incluida la lectura/escritura de archivos.
CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-10 CVE Reserved
- 2018-08-30 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105199 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html | 2018-11-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ca Search vendor "Ca" | Unified Infrastructure Management Search vendor "Ca" for product "Unified Infrastructure Management" | 8.4.7 Search vendor "Ca" for product "Unified Infrastructure Management" and version "8.4.7" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Unified Infrastructure Management Search vendor "Ca" for product "Unified Infrastructure Management" | 8.5 Search vendor "Ca" for product "Unified Infrastructure Management" and version "8.5" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Unified Infrastructure Management Search vendor "Ca" for product "Unified Infrastructure Management" | 8.5.1 Search vendor "Ca" for product "Unified Infrastructure Management" and version "8.5.1" | - |
Affected
| ||||||