Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for unified_infrastructure_management by ca

    CVE-2018-13821 (GCVE-0-2018-13821)

    Vulnerability from nvd – Published: 2018-08-30 14:00 – Updated: 2024-09-16 22:45
    VLAI
    Summary
    A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13821",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13821",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:26.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13820 (GCVE-0-2018-13820)

    Vulnerability from nvd – Published: 2018-08-30 14:00 – Updated: 2024-09-16 17:27
    VLAI
    Summary
    A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Password
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13820",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:27:47.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13819 (GCVE-0-2018-13819)

    Vulnerability from nvd – Published: 2018-08-30 14:00 – Updated: 2024-09-16 19:09
    VLAI
    Summary
    A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Cryptographic Key
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13819",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13819",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:57.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9165 (GCVE-0-2016-9165)

    Vulnerability from nvd – Published: 2017-03-20 16:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-11-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9165",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94257"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-606",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
                },
                {
                  "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9165",
        "datePublished": "2017-03-20T16:00:00.000Z",
        "dateReserved": "2016-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9164 (GCVE-0-2016-9164)

    Vulnerability from nvd – Published: 2017-03-07 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
              },
              {
                "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-07T12:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
            },
            {
              "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94257"
                },
                {
                  "name": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
                },
                {
                  "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
                },
                {
                  "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-607",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9164",
        "datePublished": "2017-03-07T15:00:00.000Z",
        "dateReserved": "2016-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:10.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13819 (GCVE-0-2018-13819)

    Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 19:09
    VLAI
    Summary
    A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Cryptographic Key
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13819",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13819",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:57.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13820 (GCVE-0-2018-13820)

    Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 17:27
    VLAI
    Summary
    A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Password
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13820",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:27:47.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13821 (GCVE-0-2018-13821)

    Vulnerability from cvelistv5 – Published: 2018-08-30 14:00 – Updated: 2024-09-16 22:45
    VLAI
    Summary
    A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication
    Assigner
    ca
    References
    Impacted products
    Date Public
    2018-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:14:47.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105199"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Infrastructure Management",
              "vendor": "CA Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5.1, 8.5, 8.4.7"
                }
              ]
            }
          ],
          "datePublic": "2018-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-06T09:57:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "105199",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105199"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2018-08-29T00:00:00",
              "ID": "CVE-2018-13821",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.5.1, 8.5, 8.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105199",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105199"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2018-13821",
        "datePublished": "2018-08-30T14:00:00.000Z",
        "dateReserved": "2018-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:45:26.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9165 (GCVE-0-2016-9165)

    Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-11-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:11.034Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-20T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9165",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94257"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-606",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606"
                },
                {
                  "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9165",
        "datePublished": "2017-03-20T16:00:00.000Z",
        "dateReserved": "2016-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:11.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9164 (GCVE-0-2016-9164)

    Vulnerability from cvelistv5 – Published: 2017-03-07 15:00 – Updated: 2024-08-06 02:42
    VLAI
    Summary
    Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
              },
              {
                "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-07T12:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94257",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
            },
            {
              "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9164",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94257",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94257"
                },
                {
                  "name": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"
                },
                {
                  "name": "20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Nov/55"
                },
                {
                  "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-607",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-607"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9164",
        "datePublished": "2017-03-07T15:00:00.000Z",
        "dateReserved": "2016-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:42:10.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }