Filtered by vendor Broadcom
Subscribe
Total
444 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | |||||
CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | |||||
CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | |||||
CVE-2018-9023 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 9.0 HIGH | 8.8 HIGH |
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | |||||
CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | |||||
CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | |||||
CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | |||||
CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | |||||
CVE-2015-4664 | 2 Broadcom, Xceedium | 2 Privileged Access Manager, Xsuite | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | |||||
CVE-2015-6853 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
CVE-2015-6854 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
CVE-2008-4119 | 2 Broadcom, Ca | 2 Service Desk, Cmdb | 2021-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms." | |||||
CVE-2006-5143 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 2 more | 2021-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. | |||||
CVE-2013-2630 | 1 Broadcom | 1 Service Desk Manager | 2021-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2008-4400 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." | |||||
CVE-2008-4399 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." | |||||
CVE-2008-4398 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
CVE-2008-2241 | 2 Broadcom, Ca | 4 Brightstor Arcserve Backup, Server Protection Suite, Brightstor Arcserve Backup and 1 more | 2021-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. |