Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ca Subscribe
Total 138 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6589 1 Ca 1 Spectrum 2023-01-27 5.0 MEDIUM 7.5 HIGH
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-6588 1 Ca 1 Api Developer Portal 2023-01-27 4.3 MEDIUM 6.1 MEDIUM
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
CVE-2018-6587 1 Ca 1 Api Developer Portal 2023-01-27 4.3 MEDIUM 6.1 MEDIUM
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
CVE-2018-6586 1 Ca 1 Api Developer Portal 2023-01-27 4.3 MEDIUM 6.1 MEDIUM
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
CVE-2021-28249 1 Ca 1 Ehealth Performance Manager 2022-07-12 7.2 HIGH 8.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2009-3587 3 Broadcom, Ca, Linux 33 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 30 more 2021-11-15 9.3 HIGH N/A
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
CVE-2016-9795 6 Broadcom, Ca, Hp and 3 more 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more 2021-11-09 7.2 HIGH 7.8 HIGH
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
CVE-2005-2669 2 Broadcom, Ca 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more 2021-04-14 10.0 HIGH N/A
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
CVE-2007-0060 2 Broadcom, Ca 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more 2021-04-14 9.3 HIGH N/A
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
CVE-2005-2668 2 Broadcom, Ca 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more 2021-04-14 10.0 HIGH N/A
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2005-2667 2 Broadcom, Ca 24 Advantage Data Transport, Adviseit, Brightstor Portal and 21 more 2021-04-14 5.0 MEDIUM N/A
Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
CVE-2005-3653 2 Broadcom, Ca 34 Brightstor Arcserve Backup, Brightstor Arcserve Backup Laptops Desktops, Brightstor Portal and 31 more 2021-04-14 10.0 HIGH N/A
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVE-2007-3875 2 Broadcom, Ca 23 Anti-spyware, Anti-virus For The Enterprise, Anti Virus Sdk and 20 more 2021-04-14 4.3 MEDIUM N/A
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
CVE-2009-3588 4 Broadcom, Ca, Linux and 1 more 35 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 32 more 2021-04-14 4.3 MEDIUM N/A
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
CVE-2007-2864 2 Broadcom, Ca 13 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Common Services and 10 more 2021-04-14 9.3 HIGH N/A
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
CVE-2006-0306 2 Broadcom, Ca 7 Brightstor Arcserve Backup Laptops Desktops, Brightstor Mobile Backup, Business Protection Suite and 4 more 2021-04-13 5.0 MEDIUM N/A
The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.
CVE-2006-0307 2 Broadcom, Ca 7 Brightstor Arcserve Backup Laptops Desktops, Brightstor Mobile Backup, Business Protection Suite and 4 more 2021-04-13 5.0 MEDIUM N/A
The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.
CVE-2003-0998 2 Broadcom, Ca 4 Unicenter Remote Control, Unicenter Remote Control Option, Controlit and 1 more 2021-04-13 4.6 MEDIUM N/A
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
CVE-2011-2667 2 Broadcom, Ca 2 Total Defense, Gateway Security 2021-04-12 10.0 HIGH N/A
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
CVE-2011-1718 2 Broadcom, Ca 2 Siteminder, Siteminder 2021-04-12 4.3 MEDIUM N/A
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.