CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the...
6.1CVSS
6.5AI Score
0.001EPSS
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting...
6.1CVSS
6.6AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID...
6.1CVSS
6.5AI Score
0.001EPSS
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture...
6.1CVSS
6.3AI Score
0.001EPSS
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified...
7.5CVSS
7.5AI Score
0.002EPSS
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service...
7.5CVSS
7.5AI Score
0.002EPSS
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary...
9.8CVSS
9.8AI Score
0.542EPSS
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target...
9.8CVSS
9.4AI Score
0.071EPSS
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller...
7.5CVSS
7.5AI Score
0.002EPSS
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated...
7.8CVSS
6.8AI Score
0.0004EPSS
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary...
9.8CVSS
7.5AI Score
0.018EPSS
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system...
8.8CVSS
7.8AI Score
0.003EPSS
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system...
9.8CVSS
7.8AI Score
0.004EPSS
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary...
9.8CVSS
8.1AI Score
0.015EPSS
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an....
8.8CVSS
7.8AI Score
0.009EPSS
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some...
4.3CVSS
7.3AI Score
0.006EPSS
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted...
6.1CVSS
5.7AI Score
0.008EPSS
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user...
9.8CVSS
7.5AI Score
0.003EPSS
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey...
7.5CVSS
7.3AI Score
0.001EPSS
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account...
5.3CVSS
7.5AI Score
0.001EPSS
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file...
9.8CVSS
6.9AI Score
0.004EPSS
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary...
9.8CVSS
9.7AI Score
0.11EPSS
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive...
7.5CVSS
7.2AI Score
0.001EPSS
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive...
7.5CVSS
7.4AI Score
0.002EPSS
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive...
7.5CVSS
6.6AI Score
0.001EPSS
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting...
6.1CVSS
6.9AI Score
0.001EPSS
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery...
9.1CVSS
7.6AI Score
0.002EPSS
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive...
7.5CVSS
6.6AI Score
0.001EPSS
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection...
9.8CVSS
8.9AI Score
0.001EPSS
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted...
9.8CVSS
9.9AI Score
0.008EPSS
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted...
7.5CVSS
7.5AI Score
0.001EPSS
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted...
6.1CVSS
6.8AI Score
0.001EPSS
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld...
8.8CVSS
8.1AI Score
0.001EPSS
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary...
9.8CVSS
9.6AI Score
0.01EPSS
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration...
9.8CVSS
9.9AI Score
0.128EPSS
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted...
7.5CVSS
7.5AI Score
0.001EPSS
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log...
5.3CVSS
7.3AI Score
0.001EPSS
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password...
7.5CVSS
7.6AI Score
0.001EPSS
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection...
9.8CVSS
8.6AI Score
0.001EPSS
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP...
8.8CVSS
8.6AI Score
0.001EPSS
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP...
9.8CVSS
8.4AI Score
0.015EPSS
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another...
5.4CVSS
5.6AI Score
0.001EPSS
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive...
9.8CVSS
7.6AI Score
0.004EPSS