Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for CA Identity Governance by CA Technologies

    CVE-2018-14597 (GCVE-0-2018-14597)

    Vulnerability from nvd – Published: 2018-10-17 21:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
    Severity
    No CVSS data available.
    CWE
    • CWE-203 - Information Exposure Through Discrepancy
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
              },
              {
                "name": "105688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Identity Governance",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x"
                }
              ]
            }
          ],
          "datePublic": "2018-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203: Information Exposure Through Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
            },
            {
              "name": "105688",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105688"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2018-14597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Identity Governance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-203: Information Exposure Through Discrepancy"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
                },
                {
                  "name": "105688",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105688"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-14597",
        "datePublished": "2018-10-17T21:00:00.000Z",
        "dateReserved": "2018-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9394 (GCVE-0-2017-9394)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2024-09-17 02:26
    VLAI
    Summary
    A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) (CWE-79)
    Assigner
    ca
    References
    Impacted products
    Date Public
    2017-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101849"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "All"
              ],
              "product": "CA Identity Governance",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-Site Scripting (XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-16T10:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "101849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101849"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2017-11-14T05:00:00.000Z",
              "ID": "CVE-2017-9394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Identity Governance",
                          "version": {
                            "version_data": [
                              {
                                "platform": "All",
                                "version_value": "12.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS) (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101849"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2017-9394",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:32.330Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14597 (GCVE-0-2018-14597)

    Vulnerability from cvelistv5 – Published: 2018-10-17 21:00 – Updated: 2024-08-05 09:29
    VLAI
    Summary
    CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
    Severity
    No CVSS data available.
    CWE
    • CWE-203 - Information Exposure Through Discrepancy
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:29:51.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
              },
              {
                "name": "105688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105688"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Identity Governance",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x"
                }
              ]
            }
          ],
          "datePublic": "2018-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203: Information Exposure Through Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
            },
            {
              "name": "105688",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105688"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2018-14597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Identity Governance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-203: Information Exposure Through Discrepancy"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html"
                },
                {
                  "name": "105688",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105688"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-14597",
        "datePublished": "2018-10-17T21:00:00.000Z",
        "dateReserved": "2018-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:29:51.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9394 (GCVE-0-2017-9394)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2024-09-17 02:26
    VLAI
    Summary
    A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) (CWE-79)
    Assigner
    ca
    References
    Impacted products
    Date Public
    2017-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101849"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "All"
              ],
              "product": "CA Identity Governance",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-Site Scripting (XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-16T10:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "101849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101849"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2017-11-14T05:00:00.000Z",
              "ID": "CVE-2017-9394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Identity Governance",
                          "version": {
                            "version_data": [
                              {
                                "platform": "All",
                                "version_value": "12.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS) (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101849"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20171114-01--security-notice-for-ca-identity-governance.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2017-9394",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:32.330Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }