CVE-2015-3317

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx	Vendor Advisory
http://www.securitytracker.com/id/1032512
http://www.securityfocus.com/bid/75033
http://www.securitytracker.com/id/1032513

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ca:client_automation:r12.9:::::::*
	cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:::::::*
	cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:::::::*
	cpe:2.3:a:ca:nsm_job_management_option:r11.0:::::::*
	cpe:2.3:a:ca:nsm_job_management_option:r11.1:::::::*
	cpe:2.3:a:ca:nsm_job_management_option:r11.2:::::::*
	cpe:2.3:a:ca:workload_automation_ae:r11.3.5:::::::*
	cpe:2.3:a:ca:workload_automation_ae:r11.3:::::::*
	cpe:2.3:a:ca:network_and_systems_management:r11.2:::::::*
	cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:::::::*
	cpe:2.3:a:ca:workload_automation_ae:r11.3.6:::::::*
	cpe:2.3:a:ca:client_automation:r12.8:::::::*
	cpe:2.3:a:ca:client_automation:r12.5:sp01::::::
	cpe:2.3:a:ca:workload_automation_ae:r11:::::::*
	cpe:2.3:a:ca:universal_job_management_agent:-:::::::*
	cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:::::::*

OR	cpe:2.3:o:oracle:solaris:-:::::::*
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Information

Published : 2015-06-17 03:59

Updated : 2021-04-09 11:50

NVD link : CVE-2015-3317

Mitre link : CVE-2015-3317

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

virtual_assurance_for_infrastructure_managers
workload_automation_ae
client_automation
universal_job_management_agent
network_and_systems_management
nsm_job_management_option

ibm

hp-ux

linux

linux_kernel

oracle

solaris

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx", "name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1032512", "name": "1032512", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/75033", "name": "75033", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1032513", "name": "1032513", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-3317", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-06-17T10:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ca:client_automation:r12.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:nsm_job_management_option:r11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:nsm_job_management_option:r11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:nsm_job_management_option:r11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:workload_automation_ae:r11.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:workload_automation_ae:r11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:network_and_systems_management:r11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:workload_automation_ae:r11.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:client_automation:r12.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:client_automation:r12.5:sp01:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:workload_automation_ae:r11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:universal_job_management_agent:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-09T18:50Z"}

4.6 /10