Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for CA Strong Authentication by CA Technologies, A Broadcom Company

    CVE-2019-7394 (GCVE-0-2019-7394)

    Vulnerability from nvd – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
    VLAI
    Summary
    A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    CA Technologies, A Broadcom Company CA Strong Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Create a notification for this product.
    CA Technologies, A Broadcom Company CA Risk Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Create a notification for this product.
    Date Public
    2019-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7394",
        "datePublished": "2019-05-28T18:25:49.842Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:51.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7393 (GCVE-0-2019-7393)

    Vulnerability from nvd – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
    VLAI
    Summary
    A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
    Severity
    No CVSS data available.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    CA Technologies, A Broadcom Company CA Strong Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Create a notification for this product.
    CA Technologies, A Broadcom Company CA Risk Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Create a notification for this product.
    Date Public
    2019-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7393",
        "datePublished": "2019-05-28T18:28:30.990Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:19:28.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7393 (GCVE-0-2019-7393)

    Vulnerability from cvelistv5 – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
    VLAI
    Summary
    A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
    Severity
    No CVSS data available.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    CA Technologies, A Broadcom Company CA Strong Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Create a notification for this product.
    CA Technologies, A Broadcom Company CA Risk Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Create a notification for this product.
    Date Public
    2019-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7393",
        "datePublished": "2019-05-28T18:28:30.990Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:19:28.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7394 (GCVE-0-2019-7394)

    Vulnerability from cvelistv5 – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
    VLAI
    Summary
    A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    CA Technologies, A Broadcom Company CA Strong Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Create a notification for this product.
    CA Technologies, A Broadcom Company CA Risk Authentication Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Create a notification for this product.
    Date Public
    2019-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7394",
        "datePublished": "2019-05-28T18:25:49.842Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:51.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }