
    12 vulnerabilities by CA Technologies, A Broadcom Company

    CVE-2020-29478 (GCVE-0-2020-29478)

    Vulnerability from nvd – Published: 2021-01-05 17:24 – Updated: 2024-08-04 16:55
    Summary
    CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-258 - Empty Password in Configuration File
    Assigner
    ca
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Service Catalog",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.2"
                },
                {
                  "status": "affected",
                  "version": "17.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-258",
                  "description": "CWE-258 Empty Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-05T17:24:46.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
            }
          ],
          "source": {
            "advisory": "CA20201215-01",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-29478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Service Catalog",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "17.2",
                                "version_value": "17.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "17.3",
                                "version_value": "17.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-258 Empty Password in Configuration File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
                  "refsource": "CONFIRM",
                  "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
                }
              ]
            },
            "source": {
              "advisory": "CA20201215-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-29478",
        "datePublished": "2021-01-05T17:24:46.000Z",
        "dateReserved": "2020-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:09.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19230 (GCVE-0-2019-19230)

    Vulnerability from nvd – Published: 2019-12-09 20:36 – Updated: 2024-09-17 02:16
    Summary
    An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    ca
    References
    Impacted products
    Date Public
    2019-12-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
              },
              {
                "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
              },
              {
                "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Release Automation",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                }
              ]
            }
          ],
          "datePublic": "2019-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T01:06:02.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-12-09T00:00:00.000Z",
              "ID": "CVE-2019-19230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Release Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "6",
                                "version_value": "6.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2",
                  "refsource": "CONFIRM",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
                },
                {
                  "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
                },
                {
                  "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/16"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-19230",
        "datePublished": "2019-12-09T20:36:49.352Z",
        "dateReserved": "2019-11-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:04.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13657 (GCVE-0-2019-13657)

    Vulnerability from nvd – Published: 2019-10-17 18:45 – Updated: 2024-09-17 02:31
    Summary
    CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ca
    Impacted products
    Vendor: CA Technologies, A Broadcom Company
    Product: CA Performance Management
    Affected: 3.5.x
    Affected: 3.6.x before 3.6.9
    Affected: 3.7.x before 3.7.4
    Date Public
    2019-10-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Oct/26"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
              },
              {
                "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Performance Management",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5.x"
                },
                {
                  "status": "affected",
                  "version": "3.6.x before 3.6.9"
                },
                {
                  "status": "affected",
                  "version": "3.7.x before 3.7.4"
                }
              ]
            }
          ],
          "datePublic": "2019-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-18T18:06:13.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Oct/26"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
            },
            {
              "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-10-15T04:00:00.000Z",
              "ID": "CVE-2019-13657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Performance Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.5.x"
                              },
                              {
                                "version_value": "3.6.x before 3.6.9"
                              },
                              {
                                "version_value": "3.7.x before 3.7.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Oct/26"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
                },
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html",
                  "refsource": "CONFIRM",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
                },
                {
                  "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-13657",
        "datePublished": "2019-10-17T18:45:16.512Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:44.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13658 (GCVE-0-2019-13658)

    Vulnerability from nvd – Published: 2019-10-02 16:14 – Updated: 2024-09-17 01:50
    Summary
    CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ca
    References
    Date Public
    2019-10-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
              },
              {
                "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
              },
              {
                "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Oct/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Network Flow Analysis",
              "vendor": "CA Technologies, a Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.x"
                }
              ]
            },
            {
              "product": "CA Network Flow Analysis",
              "vendor": "CA Technologies, a Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.x"
                }
              ]
            }
          ],
          "datePublic": "2019-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-05T15:06:04.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
            },
            {
              "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
            },
            {
              "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Oct/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-10-01T04:00:00.000Z",
              "ID": "CVE-2019-13658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Network Flow Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, a Broadcom Company"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Network Flow Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "10",
                                "version_value": "10.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, a Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
                },
                {
                  "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
                },
                {
                  "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Oct/4"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-13658",
        "datePublished": "2019-10-02T16:14:53.392Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:58.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7394 (GCVE-0-2019-7394)

    Vulnerability from nvd – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
    Summary
    A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Vendor: CA Technologies, A Broadcom Company | Product: CA Strong Authentication | Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Vendor: CA Technologies, A Broadcom Company | Product: CA Risk Authentication | Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Date Public
    2019-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7394",
        "datePublished": "2019-05-28T18:25:49.842Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:51.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7393 (GCVE-0-2019-7393)

    Vulnerability from nvd – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
    Summary
    A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
    Severity
    No CVSS data available.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Vendor: CA Technologies, A Broadcom Company | Product: CA Strong Authentication | Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 7.1.x
    Vendor: CA Technologies, A Broadcom Company | Product: CA Risk Authentication | Affected: 9.0.x
    Affected: 8.2.x
    Affected: 8.1.x
    Affected: 8.0.x
    Affected: 3.1.x
    Date Public
    2019-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7393",
        "datePublished": "2019-05-28T18:28:30.990Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:19:28.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29478 (GCVE-0-2020-29478)

    Vulnerability from cvelistv5 – Published: 2021-01-05 17:24 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-258 - Empty Password in Configuration File
    Assigner
    ca
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Service Catalog",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.2"
                },
                {
                  "status": "affected",
                  "version": "17.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-258",
                  "description": "CWE-258 Empty Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-05T17:24:46.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
            }
          ],
          "source": {
            "advisory": "CA20201215-01",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-29478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Service Catalog",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "17.2",
                                "version_value": "17.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "17.3",
                                "version_value": "17.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-258 Empty Password in Configuration File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
                  "refsource": "CONFIRM",
                  "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
                }
              ]
            },
            "source": {
              "advisory": "CA20201215-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-29478",
        "datePublished": "2021-01-05T17:24:46.000Z",
        "dateReserved": "2020-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:09.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19230 (GCVE-0-2019-19230)

    Vulnerability from cvelistv5 – Published: 2019-12-09 20:36 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
    CWE
    Assigner
    ca
    References
    Impacted products
    Date Public
    2019-12-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
              },
              {
                "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
              },
              {
                "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/16"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Release Automation",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                }
              ]
            }
          ],
          "datePublic": "2019-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T01:06:02.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
            },
            {
              "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/16"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-12-09T00:00:00.000Z",
              "ID": "CVE-2019-19230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Release Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "6",
                                "version_value": "6.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2",
                  "refsource": "CONFIRM",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
                },
                {
                  "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Dec/16"
                },
                {
                  "name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/16"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-19230",
        "datePublished": "2019-12-09T20:36:49.352Z",
        "dateReserved": "2019-11-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:04.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13657 (GCVE-0-2019-13657)

    Vulnerability from cvelistv5 – Published: 2019-10-17 18:45 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ca
    Impacted products
    Vendor: CA Technologies, A Broadcom Company
    Product: CA Performance Management
    Affected versions: 3.5.x; 3.6.x before 3.6.9; 3.7.x before 3.7.4
    Date Public
    2019-10-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Oct/26"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
              },
              {
                "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Performance Management",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5.x"
                },
                {
                  "status": "affected",
                  "version": "3.6.x before 3.6.9"
                },
                {
                  "status": "affected",
                  "version": "3.7.x before 3.7.4"
                }
              ]
            }
          ],
          "datePublic": "2019-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-18T18:06:13.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Oct/26"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
            },
            {
              "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-10-15T04:00:00.000Z",
              "ID": "CVE-2019-13657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Performance Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.5.x"
                              },
                              {
                                "version_value": "3.6.x before 3.6.9"
                              },
                              {
                                "version_value": "3.7.x before 3.7.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Oct/26"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
                },
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html",
                  "refsource": "CONFIRM",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
                },
                {
                  "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-13657",
        "datePublished": "2019-10-17T18:45:16.512Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:44.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13658 (GCVE-0-2019-13658)

    Vulnerability from cvelistv5 – Published: 2019-10-02 16:14 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ca
    References
    Date Public
    2019-10-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
              },
              {
                "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
              },
              {
                "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Oct/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Network Flow Analysis",
              "vendor": "CA Technologies, a Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.x"
                }
              ]
            },
            {
              "product": "CA Network Flow Analysis",
              "vendor": "CA Technologies, a Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0.x"
                }
              ]
            }
          ],
          "datePublic": "2019-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-05T15:06:04.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
            },
            {
              "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
            },
            {
              "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Oct/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-10-01T04:00:00.000Z",
              "ID": "CVE-2019-13658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Network Flow Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, a Broadcom Company"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Network Flow Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "10",
                                "version_value": "10.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, a Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
                },
                {
                  "name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/6"
                },
                {
                  "name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Oct/4"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-13658",
        "datePublished": "2019-10-02T16:14:53.392Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:58.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7393 (GCVE-0-2019-7393)

    Vulnerability from cvelistv5 – Published: 2019-05-28 18:28 – Updated: 2024-09-16 19:19
    VLAI
    Summary
    A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
    Severity
    No CVSS data available.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    ca
    References
    Impacted products
    Vendor | Product | Version
    CA Technologies, A Broadcom Company | CA Strong Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x
    CA Technologies, A Broadcom Company | CA Risk Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x
    Date Public
    2019-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7393",
        "datePublished": "2019-05-28T18:28:30.990Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:19:28.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7394 (GCVE-0-2019-7394)

    Vulnerability from cvelistv5 – Published: 2019-05-28 18:25 – Updated: 2024-09-17 01:16
    VLAI
    Summary
    A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    ca
    References
    Impacted products
    Vendor | Product | Version
    CA Technologies, A Broadcom Company | CA Strong Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x
    CA Technologies, A Broadcom Company | CA Risk Authentication | Affected: 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x
    Date Public
    2019-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:46:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/66"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
              },
              {
                "name": "108483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108483"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
              },
              {
                "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Strong Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.1.x"
                }
              ]
            },
            {
              "product": "CA Risk Authentication",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.x"
                },
                {
                  "status": "affected",
                  "version": "8.2.x"
                },
                {
                  "status": "affected",
                  "version": "8.1.x"
                },
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "3.1.x"
                }
              ]
            }
          ],
          "datePublic": "2019-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-30T03:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/66"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
            },
            {
              "name": "108483",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108483"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
            },
            {
              "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/43"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
              "ID": "CVE-2019-7394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Strong Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "7",
                                "version_value": "7.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CA Risk Authentication",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "9.0.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.2.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8",
                                "version_value": "8.0.x"
                              },
                              {
                                "version_name": "3",
                                "version_value": "3.1.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/66"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
                },
                {
                  "name": "108483",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108483"
                },
                {
                  "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
                },
                {
                  "name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/43"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2019-7394",
        "datePublished": "2019-05-28T18:25:49.842Z",
        "dateReserved": "2019-02-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:51.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }