Filtered by vendor Ca
Subscribe
Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9394 | 1 Ca | 1 Identity Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
|
|||||
| CVE-2016-9164 | 1 Ca | 1 Unified Infrastructure Management | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-9165 | 1 Ca | 2 Unified Infrastructure Management, Unified Infrastructure Management Snap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
|
|||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
|
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
|
|||||
| CVE-2016-9148 | 1 Ca | 1 Service Desk Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
|
|||||
| CVE-2017-8391 | 3 Ca, Linux, Microsoft | 3 Client Automation, Linux Kernel, Windows | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
|
|||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficie ...
Show More |
|||||
| CVE-2017-9393 | 1 Ca | 2 Identity Manager, Identity Manager Virtual Appliance | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
|
|||||
| CVE-2014-8471 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | 4.3 MEDIUM | N/A |
|
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors.
|
|||||
| CVE-2014-8472 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | 6.8 MEDIUM | N/A |
|
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2014-2210 | 1 Ca | 1 Erwin Web Portal | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2014-8473 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2015-3317 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified v ...
Show More |
|||||
| CVE-2016-6152 | 2 Broadcom, Ca | 2 Ehealth, Ehealth | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2014-8474 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | 7.5 HIGH | N/A |
|
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2016-6151 | 1 Ca | 1 Ehealth | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2015-3318 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unkn ...
Show More |
|||||
| CVE-2015-3316 | 6 Broadcom, Ca, Hp and 3 more | 11 Network And Systems Management, Client Automation, Network And Systems Management and 8 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
|
|||||
| CVE-2012-6298 | 1 Ca | 1 Identityminder | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
|
|||||
| CVE-2012-6299 | 1 Ca | 1 Identityminder | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
|
|||||
| CVE-2010-3984 | 1 Ca | 4 Arcserve Replication And High Availability, Xosoft Content Distribution, Xosoft High Availability and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.
|
|||||
| CVE-2010-5156 | 2 Ca, Microsoft | 2 Internet Security Suite 2010, Windows Xp | 2025-04-11 | 6.2 MEDIUM | N/A |
|
Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a ...
Show More |
|||||
| CVE-2011-1899 | 1 Ca | 1 Ehealth | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2012-5973 | 1 Ca | 1 Xcom Data Transport | 2025-04-11 | 10.0 HIGH | N/A |
|
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2011-0758 | 1 Ca | 2 Etrust Secure Content Manager, Gateway Security | 2025-04-11 | 10.0 HIGH | N/A |
|
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.
|
|||||
| CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | 5.0 MEDIUM | N/A |
|
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.
|
|||||
| CVE-2013-5968 | 2 Broadcom, Ca | 2 Siteminder, Web Agents | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
|
|||||
| CVE-2012-1453 | 13 Antiy, Ca, Drweb and 10 more | 14 Avl Sdk, Etrust Vet Antivirus, Dr.web Antivirus and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and ...
Show More |
|||||
| CVE-2011-1036 | 1 Ca | 3 Host-based Intrusion Prevention System, Internet Security Suite 2010, Internet Security Suite 2011 | 2025-04-11 | 8.8 HIGH | N/A |
|
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
|
|||||
| CVE-2012-1446 | 13 Aladdin, Antiy, Ca and 10 more | 14 Esafe, Avl Sdk, Etrust Vet Antivirus and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows ...
Show More |
|||||
| CVE-2011-1825 | 1 Ca | 1 Arcot Webfort Versatile Authentication Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-1826 | 1 Ca | 1 Arcot Webfort Versatile Authentication Server | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2010-1223 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
|
|||||
| CVE-2011-3011 | 1 Ca | 1 Arcserve D2d | 2025-04-11 | 5.0 MEDIUM | N/A |
|
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
|
|||||
| CVE-2012-1440 | 5 Aladdin, Ca, Fortinet and 2 more | 5 Esafe, Etrust Vet Antivirus, Fortinet Antivirus and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
|
|||||
| CVE-2010-0640 | 1 Ca | 1 Ehealth Performance Manager | 2025-04-11 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
|
|||||
| CVE-2011-4054 | 1 Ca | 1 Siteminder | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
|
|||||
| CVE-2011-2667 | 2 Broadcom, Ca | 2 Total Defense, Gateway Security | 2025-04-11 | 10.0 HIGH | N/A |
|
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
|
|||||
| CVE-2010-4502 | 1 Ca | 1 Internet Security Suite Plus 2010 | 2025-04-11 | 7.2 HIGH | N/A |
|
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.
|
|||||
| CVE-2011-1718 | 2 Broadcom, Ca | 2 Siteminder, Siteminder | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
|
|||||