Filtered by vendor Ca
Subscribe
Total
138 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2020-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | |||||
CVE-2017-9394 | 1 Ca | 1 Identity Governance | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | |||||
CVE-2017-8391 | 3 Ca, Linux, Microsoft | 3 Client Automation, Linux Kernel, Windows | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | |||||
CVE-2018-13821 | 1 Ca | 1 Unified Infrastructure Management | 2018-11-05 | 7.5 HIGH | 9.8 CRITICAL |
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | |||||
CVE-2006-0529 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. | |||||
CVE-2006-0530 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. | |||||
CVE-2004-2478 | 3 Ca, Ibm, Jetty | 3 Unicenter Web Services Distributed Management, Trading Partner Interchange, Jetty Http Server | 2018-10-19 | 7.5 HIGH | N/A |
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2018-10-16 | 7.8 HIGH | N/A |
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | |||||
CVE-2006-6952 | 1 Ca | 1 Host-based Intrusion Prevention System | 2018-10-16 | 7.2 HIGH | N/A |
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. | |||||
CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2018-10-11 | 10.0 HIGH | N/A |
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2008-2511 | 1 Ca | 1 Internet Security Suite Plus 2008 | 2018-10-11 | 9.3 HIGH | N/A |
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2541 | 1 Ca | 1 Etrust Secure Content Manager | 2018-10-11 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. | |||||
CVE-2010-3984 | 1 Ca | 4 Arcserve Replication And High Availability, Xosoft Content Distribution, Xosoft High Availability and 1 more | 2018-10-10 | 7.5 HIGH | N/A |
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. | |||||
CVE-2010-2193 | 1 Ca | 2 Psformx Active X Control, Webscan Active X Control | 2018-10-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2018-10-10 | 5.0 MEDIUM | N/A |
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | |||||
CVE-2010-1223 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2018-10-10 | 10.0 HIGH | N/A |
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. | |||||
CVE-2010-1222 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2018-10-10 | 5.0 MEDIUM | N/A |
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | |||||
CVE-2010-0640 | 1 Ca | 1 Ehealth Performance Manager | 2018-10-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. |