Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
20 vulnerabilities found for privileged_access_manager by broadcom
CVE-2019-7392 (GCVE-0-2019-7392)
Vulnerability from cvelistv5 – Published: 2019-02-26 18:00 – Updated: 2024-08-04 20:46
VLAI?
Summary
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2019-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-27T10:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "107040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2019-7392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107040"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "MISC",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7392",
"datePublished": "2019-02-26T18:00:00.000Z",
"dateReserved": "2019-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:46.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9026 (GCVE-0-2018-9026)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 19:10
VLAI?
Summary
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Severity ?
No CVSS data available.
CWE
- Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session Fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9026",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:25.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9022 (GCVE-0-2018-9022)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:08.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9022",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:32.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9024 (GCVE-0-2018-9024)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9024",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:45.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9029 (GCVE-0-2018-9029)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9029",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:35.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9021 (GCVE-0-2018-9021)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:09.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9021",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:43:19.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9028 (GCVE-0-2018-9028)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 23:15
VLAI?
Summary
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Severity ?
No CVSS data available.
CWE
- Weak Cryptography for Passwords
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Cryptography for Passwords",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9028",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:27.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9023 (GCVE-0-2018-9023)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:01
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9023",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:45.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4664 (GCVE-0-2015-4664)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.4.4.4 and earlier
|
Date Public ?
2015-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.4.4.4 and earlier"
}
]
}
],
"datePublic": "2015-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2015-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.4.4.4 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"name": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37708/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2015-4664",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2015-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9025 (GCVE-0-2018-9025)
Vulnerability from cvelistv5 – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9025",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:11.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7392 (GCVE-0-2019-7392)
Vulnerability from nvd – Published: 2019-02-26 18:00 – Updated: 2024-08-04 20:46
VLAI?
Summary
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2019-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-27T10:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "107040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2019-7392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107040"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "MISC",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7392",
"datePublished": "2019-02-26T18:00:00.000Z",
"dateReserved": "2019-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:46.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9029 (GCVE-0-2018-9029)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9029",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:35.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9028 (GCVE-0-2018-9028)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 23:15
VLAI?
Summary
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Severity ?
No CVSS data available.
CWE
- Weak Cryptography for Passwords
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Cryptography for Passwords",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9028",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:27.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9026 (GCVE-0-2018-9026)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 19:10
VLAI?
Summary
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Severity ?
No CVSS data available.
CWE
- Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session Fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9026",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:25.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9025 (GCVE-0-2018-9025)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9025",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:11.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9024 (GCVE-0-2018-9024)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9024",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:45.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9023 (GCVE-0-2018-9023)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 22:01
VLAI?
Summary
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.x
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.x"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9023",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:45.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9022 (GCVE-0-2018-9022)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:08.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9022",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:32.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9021 (GCVE-0-2018-9021)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.8.2 and earlier
|
Date Public ?
2018-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.8.2 and earlier"
}
]
}
],
"datePublic": "2018-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T22:06:09.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "104496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-06-14T00:00:00",
"ID": "CVE-2018-9021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.8.2 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2018-9021",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2018-03-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:43:19.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4664 (GCVE-0-2015-4664)
Vulnerability from nvd – Published: 2018-06-18 18:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies | CA Privileged Access Manager |
Affected:
2.4.4.4 and earlier
|
Date Public ?
2015-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Privileged Access Manager",
"vendor": "CA Technologies",
"versions": [
{
"status": "affected",
"version": "2.4.4.4 and earlier"
}
]
}
],
"datePublic": "2015-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37708/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2015-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Privileged Access Manager",
"version": {
"version_data": [
{
"version_value": "2.4.4.4 and earlier"
}
]
}
}
]
},
"vendor_name": "CA Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
},
{
"name": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html"
},
{
"name": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt",
"refsource": "MISC",
"url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt"
},
{
"name": "37708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37708/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2015-4664",
"datePublished": "2018-06-18T18:00:00.000Z",
"dateReserved": "2015-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}