Refine your search
6 vulnerabilities found for by CA Technologies, A Broadcom Company
CVE-2020-29478 (GCVE-0-2020-29478)
Vulnerability from cvelistv5
Published
2021-01-05 17:24
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-258 - Empty Password in Configuration File
Summary
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Service Catalog |
Version: 17.2 Version: 17.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Service Catalog",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "17.2"
},
{
"status": "affected",
"version": "17.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T17:24:46.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
],
"source": {
"advisory": "CA20201215-01",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-29478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Service Catalog",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2"
},
{
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-258 Empty Password in Configuration File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
"refsource": "CONFIRM",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
]
},
"source": {
"advisory": "CA20201215-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-29478",
"datePublished": "2021-01-05T17:24:46.000Z",
"dateReserved": "2020-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:55:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19230 (GCVE-0-2019-19230)
Vulnerability from cvelistv5
Published
2019-12-09 20:36
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Release Automation |
Version: 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/16"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Release Automation",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"datePublic": "2019-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T01:06:02.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Dec/16"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-12-09T00:00:00.000Z",
"ID": "CVE-2019-19230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Release Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "6",
"version_value": "6.6"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2",
"refsource": "CONFIRM",
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Dec/16"
},
{
"name": "20191210 CA20191209-01: Security Notice for CA Nolio (Release Automation)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/16"
},
{
"name": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-19230",
"datePublished": "2019-12-09T20:36:49.352Z",
"dateReserved": "2019-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:16:04.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13657 (GCVE-0-2019-13657)
Vulnerability from cvelistv5
Published
2019-10-17 18:45
Modified
2024-09-17 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Performance Management |
Version: 3.5.x Version: 3.6.x before 3.6.9 Version: 3.7.x before 3.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
},
{
"name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Performance Management",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "3.5.x"
},
{
"status": "affected",
"version": "3.6.x before 3.6.9"
},
{
"status": "affected",
"version": "3.7.x before 3.7.4"
}
]
}
],
"datePublic": "2019-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-18T18:06:13.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
},
{
"name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/37"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-10-15T04:00:00.000Z",
"ID": "CVE-2019-13657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Performance Management",
"version": {
"version_data": [
{
"version_value": "3.5.x"
},
{
"version_value": "3.6.x before 3.6.9"
},
{
"version_value": "3.7.x before 3.7.4"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191017 CA20191015-01: Security Notice for CA Performance Management",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/26"
},
{
"name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html"
},
{
"name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html",
"refsource": "CONFIRM",
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html"
},
{
"name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
},
{
"name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/37"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-13657",
"datePublished": "2019-10-17T18:45:16.512Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:44.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13658 (GCVE-0-2019-13658)
Vulnerability from cvelistv5
Published
2019-10-02 16:14
Modified
2024-09-17 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, a Broadcom Company | CA Network Flow Analysis |
Version: 9.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
},
{
"name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/6"
},
{
"name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Network Flow Analysis",
"vendor": "CA Technologies, a Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.x"
}
]
},
{
"product": "CA Network Flow Analysis",
"vendor": "CA Technologies, a Broadcom Company",
"versions": [
{
"status": "affected",
"version": "10.0.x"
}
]
}
],
"datePublic": "2019-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T15:06:04.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
},
{
"name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/6"
},
{
"name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-10-01T04:00:00.000Z",
"ID": "CVE-2019-13658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Network Flow Analysis",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, a Broadcom Company"
},
{
"product": {
"product_data": [
{
"product_name": "CA Network Flow Analysis",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "10",
"version_value": "10.0.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, a Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/new-security-notice-ca-20190930-01-security-notice-for-ca-network-flow-analysis.html"
},
{
"name": "20191003 CA20190930-01: Security Notice for CA Network Flow Analysis",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/6"
},
{
"name": "20191004 CA20190930-01: Security Notice for CA Network Flow Analysis",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/4"
},
{
"name": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154739/CA-Network-Flow-Analysis-9.x-10.0.x-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-13658",
"datePublished": "2019-10-02T16:14:53.392Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:50:58.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7393 (GCVE-0-2019-7393)
Vulnerability from cvelistv5
Published
2019-05-28 18:28
Modified
2024-09-16 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Version: 9.0.x Version: 8.2.x Version: 8.1.x Version: 8.0.x Version: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7393",
"datePublished": "2019-05-28T18:28:30.990Z",
"dateReserved": "2019-02-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:19:28.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7394 (GCVE-0-2019-7394)
Vulnerability from cvelistv5
Published
2019-05-28 18:25
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Strong Authentication |
Version: 9.0.x Version: 8.2.x Version: 8.1.x Version: 8.0.x Version: 7.1.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
],
"datePublic": "2019-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:01.000Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-05-23T04:00:00.000Z",
"ID": "CVE-2019-7394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Strong Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "7",
"version_value": "7.1.x"
}
]
}
},
{
"product_name": "CA Risk Authentication",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "9.0.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.2.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.1.x"
},
{
"version_affected": "=",
"version_name": "8",
"version_value": "8.0.x"
},
{
"version_name": "3",
"version_value": "3.1.x"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190527 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/66"
},
{
"name": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html"
},
{
"name": "108483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108483"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html"
},
{
"name": "20190529 CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/43"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-7394",
"datePublished": "2019-05-28T18:25:49.842Z",
"dateReserved": "2019-02-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:51.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}