Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ca Subscribe
Total 138 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5968 2 Broadcom, Ca 2 Siteminder, Web Agents 2021-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
CVE-2018-13824 2 Broadcom, Ca 2 Project Portfolio Management, Project Portfolio Management 2021-04-12 7.5 HIGH 9.8 CRITICAL
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
CVE-2018-13825 2 Broadcom, Ca 2 Project Portfolio Management, Project Portfolio Management 2021-04-12 4.3 MEDIUM 6.1 MEDIUM
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVE-2018-13823 2 Broadcom, Ca 2 Project Portfolio Management, Project Portfolio Management 2021-04-12 5.0 MEDIUM 7.5 HIGH
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
CVE-2018-13826 2 Broadcom, Ca 2 Project Portfolio Management, Project Portfolio Management 2021-04-12 6.4 MEDIUM 9.1 CRITICAL
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVE-2008-4119 2 Broadcom, Ca 2 Service Desk, Cmdb 2021-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
CVE-2007-5331 2 Broadcom, Ca 6 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 3 more 2021-04-09 10.0 HIGH N/A
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
CVE-2008-2241 2 Broadcom, Ca 4 Brightstor Arcserve Backup, Server Protection Suite, Brightstor Arcserve Backup and 1 more 2021-04-09 10.0 HIGH N/A
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
CVE-2006-5143 2 Broadcom, Ca 5 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 2 more 2021-04-09 7.5 HIGH N/A
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
CVE-2007-5326 2 Broadcom, Ca 6 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 3 more 2021-04-09 10.0 HIGH N/A
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2008-4397 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2021-04-09 10.0 HIGH N/A
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
CVE-2007-2139 2 Broadcom, Ca 5 Brightstor Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2021-04-09 10.0 HIGH N/A
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
CVE-2008-4399 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2021-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."
CVE-2008-4398 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2021-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.
CVE-2008-4400 2 Broadcom, Ca 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2021-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."
CVE-2007-5329 2 Broadcom, Ca 6 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 3 more 2021-04-09 10.0 HIGH N/A
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
CVE-2018-19634 2 Broadcom, Ca 2 Service Desk Manager, Service Desk Manager 2021-04-09 5.0 MEDIUM 7.5 HIGH
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVE-2018-19635 2 Broadcom, Ca 2 Service Desk Manager, Service Desk Manager 2021-04-09 7.5 HIGH 9.8 CRITICAL
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2009-0042 2 Broadcom, Ca 19 Anti-spyware, Anti-spyware For The Enterprise, Anti-virus and 16 more 2021-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
CVE-2015-3317 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2021-04-09 4.6 MEDIUM N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.