The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | etrust_access_control | 5.0 |
| broadcom | etrust_access_control | 4.1 |
| broadcom | etrust_access_control | 5.0 |
| ca | etrust_access_control | 4.1 |
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcserve_backup | 6.63_linux |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup_2000 | * |
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup_2000 | * |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup_2000 | * |
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup_2000 | * |
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup | 6.63 |
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control_option | 5.1 |
| ca | unicenter_remote_control_option | 5.1 |
| broadcom | unicenter_remote_control | 5.2 |
| ca | controlit | 5.0 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | controlit | 5.1 |
| broadcom | unicenter_remote_control_option | 5.0 |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| archive_zip | archive_zip | 1.13 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.80 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.78d |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.85 |
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.4.6 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.86 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | 1.4 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| broadcom | etrust_ez_armor | 2.0 |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.81 |
| broadcom | inoculateit | 6.0 |
| eset_software | nod32_antivirus | 1.0.12 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.3 |
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jetty | jetty_http_server | 4.2.19 |
| jetty | jetty_http_server | 4.2.6 |
| ibm | trading_partner_interchange | 4.2.1 |
| ca | unicenter_web_services_distributed_management | * |
| jetty | jetty_http_server | 4.2.5 |
| jetty | jetty_http_server | 4.2.18 |
| jetty | jetty_http_server | 4.1.1 |
| jetty | jetty_http_server | 4.2.7 |
| jetty | jetty_http_server | 4.2.15 |
| jetty | jetty_http_server | 3.1.7 |
| jetty | jetty_http_server | 4.1.0 |
| jetty | jetty_http_server | 4.2.9 |
| jetty | jetty_http_server | 4.2.16 |
| jetty | jetty_http_server | 4.1.0_rc4 |
| jetty | jetty_http_server | 4.2.12 |
| ibm | trading_partner_interchange | * |
| jetty | jetty_http_server | 4.2.4 |
| jetty | jetty_http_server | 4.2.14 |
| jetty | jetty_http_server | 4.2.17 |
| jetty | jetty_http_server | 4.2.11 |
| jetty | jetty_http_server | 3.1.6 |
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | brightstor_arcserve_backup | 11.1 |
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | brightstor_arcserve_backup_agent | 11.0 |
| ca | brightstor_enterprise_backup_agent | 10.5 |
| ca | brightstor_arcserve_backup_agent | 11.1 |
| ca | brightstor_enterprise_backup_agent | 10.0 |
| ca | brightstor_arcserve_backup | 11.0 |
| ca | brightstor_arcserve_backup_agent | 9.0.1 |
| ca | brightstor_arcserve_backup | 9.0.1 |
| ca | brightstor_arcserve_backup_agent | 11 |
| ca | brightstor_arcserve_backup | 11.1 |
| ca | brightstor_arcserve_backup | 9.0_1 |
| broadcom | brightstor_enterprise_backup | 10.0 |
| broadcom | brightstor_enterprise_backup | 10.5 |
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| ca | etrust_antivirus | 7.0 |
| ca | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_ez_armor | 1.0 |
| broadcom | etrust_antivirus_ee | 7.0 |
| broadcom | etrust_antivirus | 6.0 |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_ez_armor_le | 3.0.0.14 |
| ca | vet_antivirus | 10.66 |
| broadcom | etrust_ez_armor | 2.4 |
| zonelabs | zonealarm | * |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.3 |
| zonelabs | zonealarm_antivirus | * |
| broadcom | etrust_secure_content_manager | 1.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_ez_armor | 2.0 |
| ca | etrust_antivirus | 7.1 |
| broadcom | etrust_antivirus_ee | 6.0 |
| broadcom | inoculateit | 6.0 |
| ca | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_armor_le | 2.0 |
| broadcom | etrust_ez_armor | 2.4.4 |
Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_jasmine | 3.0 |
| ca | unicenter_nsm | 3.0 |
| broadcom | message_queuing | 1.05 |
| broadcom | etrust_admin | 8.0 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_service_level_management | 3.5 |
| broadcom | unicenter_asset_management | 3.1 |
| broadcom | unicenter_asset_management | 4.0 |
| broadcom | etrust_admin | 2.01 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | message_queuing | 1.11_build_29_13 |
| broadcom | unicenter_tng | 2.4 |
| ca | unicenter_management | 3.5 |
| broadcom | brightstor_portal | 11.1 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | unicenter_tng | 2.4.2 |
| ca | unicenter_management | 5.0.1 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | etrust_admin | 8.1 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | unicenter_data_transport_option | 2.0 |
| ca | unicenter_tng | 2.2 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| broadcom | cleverpath_olap | 5.1 |
| ca | unicenter_nsm | 3.1 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | adviseit | 2.4 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| ca | unicenter_management | 5 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| broadcom | etrust_admin | 2.07 |
| broadcom | cleverpath_ecm | 3.5 |
| broadcom | etrust_admin | 2.09 |
| broadcom | etrust_admin | 2.04 |
| broadcom | unicenter_software_delivery | 3.0 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | message_queuing | 1.07_build_220_13 |
| broadcom | advantage_data_transport | 3.0 |
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_jasmine | 3.0 |
| ca | unicenter_management | 5.0 |
| ca | etrust_admin | 2.7 |
| broadcom | etrust_admin | 8.0 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_service_level_management | 3.5 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| broadcom | unicenter_asset_management | 3.1 |
| broadcom | unicenter_asset_management | 4.0 |
| broadcom | cleverpath_aion | 10.0 |
| ca | etrust_admin | 2.1 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | unicenter_tng | 2.4 |
| ca | unicenter_management | 3.5 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| broadcom | brightstor_portal | 11.1 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | unicenter_tng | 2.4.2 |
| broadcom | unicenter_management_portal | 2.0 |
| ca | unicenter_management | 5.0.1 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | messaging | 1.11 |
| broadcom | etrust_admin | 8.1 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | unicenter_data_transport_option | 2.0 |
| ca | unicenter_tng | 2.2 |
| broadcom | messaging | 1.5 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| broadcom | cleverpath_olap | 5.1 |
| broadcom | unicenter_remote_control | 6.0 |
| broadcom | cleverpath_predictive_analysis_server | 2.0 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | adviseit | 2.4 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| ca | etrust_admin | 2.4 |
| broadcom | unicenter_management_portal | 3.1 |
| broadcom | cleverpath_ecm | 3.5 |
| broadcom | unicenter_software_delivery | 3.0 |
| ca | etrust_admin | 2.9 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | unicenter_nsm_wireless_network_management_option | 3.0 |
| broadcom | advantage_data_transport | 3.0 |
| broadcom | messaging | 1.7 |
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_jasmine | 3.0 |
| ca | unicenter_management | 5.0 |
| ca | etrust_admin | 2.7 |
| broadcom | etrust_admin | 8.0 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_service_level_management | 3.5 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| broadcom | unicenter_asset_management | 3.1 |
| broadcom | unicenter_asset_management | 4.0 |
| broadcom | cleverpath_aion | 10.0 |
| ca | etrust_admin | 2.1 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | unicenter_tng | 2.4 |
| ca | unicenter_management | 3.5 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| broadcom | brightstor_portal | 11.1 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | unicenter_tng | 2.4.2 |
| broadcom | unicenter_management_portal | 2.0 |
| ca | unicenter_management | 5.0.1 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | messaging | 1.11 |
| broadcom | etrust_admin | 8.1 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | unicenter_data_transport_option | 2.0 |
| ca | unicenter_tng | 2.2 |
| broadcom | messaging | 1.5 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| broadcom | cleverpath_olap | 5.1 |
| broadcom | unicenter_remote_control | 6.0 |
| broadcom | cleverpath_predictive_analysis_server | 2.0 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | adviseit | 2.4 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| ca | etrust_admin | 2.4 |
| broadcom | unicenter_management_portal | 3.1 |
| broadcom | cleverpath_ecm | 3.5 |
| broadcom | unicenter_software_delivery | 3.0 |
| ca | etrust_admin | 2.9 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | unicenter_nsm_wireless_network_management_option | 3.0 |
| broadcom | advantage_data_transport | 3.0 |
| broadcom | messaging | 1.7 |
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_integrated_threat_management | 8.0 |
| ca | unicenter_web_server_management | 11.0 |
| broadcom | brightstor_storage_resource_manager | 6.4 |
| broadcom | brightstor_arcserve_backup | 11.5 |
| broadcom | brightstor_san_manager | 11.5 |
| broadcom | brightstor_storage_resource_manager | 11.5 |
| broadcom | brightstor_storage_resource_manager | 11.1 |
| ca | brightstor_arcserve_backup | 11 |
| ca | unicenter_service_catalog_fulfillment_accounting | 11.0 |
| broadcom | etrust_audit_aries | 8.0 |
| ca | unicenter_service_level_management | 11.0 |
| ca | unicenter_web_services_distributed_management | 11.0 |
| ca | brightstor_enterprise_backup | 10.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| ca | unicenter_management | 11.0 |
| broadcom | unicenter_asset_portfolio_management | 11.0 |
| broadcom | unicenter_autosys_jm | 11.0 |
| broadcom | unicenter_service_delivery | 11.0 |
| broadcom | brightstor_arcserve_backup | 9.01 |
| broadcom | etrust_audit_irecorder | 8.0 |
| ca | unicenter_ca_web_services_distributed_management | 11.0 |
| ca | etrust_audit_aries | 1.5 |
| broadcom | itechnology_igateway | * |
| broadcom | unicenter_service_desk | 11.0 |
| ca | brightstor_enterprise_backup | 10.5 |
| ca | etrust_directory | 8.1_web_components |
| ca | unicenter_management | 3.5 |
| broadcom | brightstor_portal | 11.1 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | unicenter_service_metric_analysis | 11.0 |
| ca | unicenter_application_performance_monitor | 11.0 |
| broadcom | unicenter_service_desk_knowledge_tools | 11.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| ca | unicenter_exchange_management_console | 11.0 |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | brightstor_process_automation_manager | 11.1 |
| ca | unicenter_application_server_managment | 11.0 |
| broadcom | etrust_audit_irecorder | 1.5 |
| ca | unicenter_service_fulfillment | 11.0 |
| broadcom | brightstor_storage_resource_manager | 6.3 |
| broadcom | etrust_identity_minder | 8.0 |
| broadcom | unicenter_service_fulfillment | 2.2 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_admin | 8.1 |
The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | server_protection_suite | 2 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| broadcom | desktop_protection_suite | 2.0 |
| broadcom | business_protection_suite | 2.0 |
| broadcom | unicenter_remote_control | 5.2 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.74 |
| ca | unicenter_remote_control | 6.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| broadcom | brightstor_mobile_backup | r4.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.56.3 |
The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | server_protection_suite | 2 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| broadcom | desktop_protection_suite | 2.0 |
| broadcom | business_protection_suite | 2.0 |
| broadcom | unicenter_remote_control | 5.2 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.74 |
| ca | unicenter_remote_control | 6.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| broadcom | brightstor_mobile_backup | r4.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.56.3 |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | messaging | 1.11.26.6 |
| ca | messaging | 1.07.220.6 |
| ca | messaging | 1.11.21 |
| ca | messaging | 1.07.220.11 |
| ca | messaging | 1.11.26 |
| ca | messaging | 1.11.26.9 |
| ca | messaging | 1.11.29.13 |
| ca | messaging | 1.07.220.5 |
| ca | messaging | 1.11.27.0 |
| ca | messaging | 1.11.29.15 |
| ca | messaging | 1.11.29.16 |
| ca | messaging | 1.07.220.13 |
| ca | messaging | 1.07.220.10 |
| ca | messaging | 1.11.29.9 |
| ca | messaging | 1.07.210.0 |
| ca | messaging | 1.11.19.0 |
| ca | messaging | 1.11.28.0 |
| ca | messaging | 1.07.220.15 |
| ca | messaging | 1.11.29.4 |
| ca | messaging | 1.07.220.0 |
| ca | messaging | 1.11.27.1 |
| ca | messaging | 1.07.220.3 |
| ca | messaging | 1.11.22 |
| ca | messaging | 1.11.23 |
| ca | messaging | 1.11.29.0 |
| ca | messaging | 1.07.220.9 |
| ca | messaging | 1.11.26.2 |
| ca | messaging | 1.11.29.17 |
| ca | messaging | 1.11.27.2 |
| ca | messaging | 1.11.29.3 |
| ca | messaging | 1.11.29.14 |
| ca | messaging | 1.11.27.3 |
| ca | messaging | 1.11.29.19 |
| ca | messaging | 1.07.220.8 |
| ca | messaging | 1.11.29.6 |
| ca | messaging | 1.07.220.4 |
| ca | messaging | 1.11.29.8 |
| ca | messaging | 1.11.24 |
| ca | messaging | 1.11.29.18 |
| ca | messaging | 1.07.220.14 |
| ca | messaging | 1.07.220.7 |
| ca | messaging | 1.11.26.7 |
| ca | messaging | 1.11.26.8 |
| ca | messaging | 1.11.29.5 |
| ca | messaging | 1.11.29.2 |
| ca | messaging | 1.11.26.10 |
| ca | messaging | 1.11.29.7 |
| ca | messaging | 1.11.18.0 |
| ca | messaging | 1.11.25 |
| ca | messaging | 1.05 |
| ca | messaging | 1.11.26.1 |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | messaging | 1.11.26.6 |
| ca | messaging | 1.07.220.6 |
| ca | messaging | 1.11.21 |
| ca | messaging | 1.07.220.11 |
| ca | messaging | 1.11.26 |
| ca | messaging | 1.11.26.9 |
| ca | messaging | 1.11.29.13 |
| ca | messaging | 1.07.220.5 |
| ca | messaging | 1.11.27.0 |
| ca | messaging | 1.11.29.15 |
| ca | messaging | 1.11.29.16 |
| ca | messaging | 1.07.220.13 |
| ca | messaging | 1.07.220.10 |
| ca | messaging | 1.11.29.9 |
| ca | messaging | 1.07.210.0 |
| ca | messaging | 1.11.19.0 |
| ca | messaging | 1.11.28.0 |
| ca | messaging | 1.07.220.15 |
| ca | messaging | 1.11.29.4 |
| ca | messaging | 1.07.220.0 |
| ca | messaging | 1.11.27.1 |
| ca | messaging | 1.07.220.3 |
| ca | messaging | 1.11.22 |
| ca | messaging | 1.11.23 |
| ca | messaging | 1.11.29.0 |
| ca | messaging | 1.07.220.9 |
| ca | messaging | 1.11.26.2 |
| ca | messaging | 1.11.29.17 |
| ca | messaging | 1.11.27.2 |
| ca | messaging | 1.11.29.3 |
| ca | messaging | 1.11.29.14 |
| ca | messaging | 1.11.27.3 |
| ca | messaging | 1.11.29.19 |
| ca | messaging | 1.07.220.8 |
| ca | messaging | 1.11.29.6 |
| ca | messaging | 1.07.220.4 |
| ca | messaging | 1.11.29.8 |
| ca | messaging | 1.11.24 |
| ca | messaging | 1.11.29.18 |
| ca | messaging | 1.07.220.14 |
| ca | messaging | 1.07.220.7 |
| ca | messaging | 1.11.26.7 |
| ca | messaging | 1.11.26.8 |
| ca | messaging | 1.11.29.5 |
| ca | messaging | 1.11.29.2 |
| ca | messaging | 1.11.26.10 |
| ca | messaging | 1.11.29.7 |
| ca | messaging | 1.11.18.0 |
| ca | messaging | 1.11.25 |
| ca | messaging | 1.05 |
| ca | messaging | 1.11.26.1 |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| ca | etrust_intrusion_detection | 3.0 |
| ca | common_services | 3.1 |
| ca | anti-virus_plus | 2009 |
| broadcom | common_services | 11.1 |
| broadcom | network_and_systems_management | r3.1 |
| broadcom | internet_security_suite | 3.0 |
| ca | protection_suites | r3 |
| broadcom | etrust_antivirus | 8 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| broadcom | anti-virus_sdk | * |
| ca | threat_manager | r8 |
| broadcom | etrust_intrusion_detection | 3.0 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | internet_security_suite | * |
| broadcom | anti-virus_for_the_enterprise | r8 |
| broadcom | secure_content_manager | 1.1 |
| ca | arcserve_for_windows_client_agent | * |
| ca | threat_manager | 8.1 |
| ca | arcserve_backup | r11.5 |
| broadcom | etrust_integrated_threat_management | 8.1 |
| ca | anti-virus_gateway | 7.1 |
| broadcom | network_and_systems_management | r11 |
| ca | anti-virus_for_the_enterprise | r8.1 |
| ca | internet_security_suite_plus_2009 | * |
| ca | anti-virus | 2009 |
| broadcom | anti-virus | 2008 |
| broadcom | etrust_antivirus | 8.1 |
| ca | arcserve_for_windows_server_component | * |
| ca | gateway_security | r8.1 |
| ca | etrust_anti-virus_sdk | * |
| ca | etrust_anti-virus_gateway | 7.1 |
| broadcom | unicenter_network_and_systems_management | 11.1 |
| broadcom | unicenter_network_and_systems_management | 11 |
| ca | protection_suites | r2 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | network_and_systems_management | r3.0 |
| ca | arcserve_backup | r11.1 |
| broadcom | common_services | 11 |
| broadcom | anti-virus_for_the_enterprise | 7.1 |
| ca | threat_manager_total_defense | * |
| broadcom | secure_content_manager | 8.0 |
| ca | etrust_intrusion_detection | 2.0 |
| ca | internet_security_suite_2008 | * |
| ca | protection_suites | r3.1 |
| broadcom | anti-virus | 2007 |
| broadcom | network_and_systems_management | r11.1 |
| ca | internet_security_suite_plus_2008 | * |
| ca | etrust_ez_antivirus | r7.1 |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_secure_content_manager | 1.1 |
| ca | etrust_intrusion_detection | 3.0 |
| ca | common_services | 3.1 |
| ca | anti-virus_plus | 2009 |
| broadcom | common_services | 11.1 |
| broadcom | network_and_systems_management | r3.1 |
| broadcom | internet_security_suite | 3.0 |
| ca | protection_suites | r3 |
| broadcom | etrust_antivirus | 8 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| broadcom | anti-virus_sdk | * |
| ca | threat_manager | r8 |
| broadcom | etrust_intrusion_detection | 3.0 |
| broadcom | arcserve_backup | r12.0 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | internet_security_suite | * |
| broadcom | anti-virus_for_the_enterprise | r8 |
| broadcom | secure_content_manager | 1.1 |
| ca | arcserve_for_windows_client_agent | * |
| ca | threat_manager | 8.1 |
| ca | arcserve_backup | r11.5 |
| broadcom | etrust_integrated_threat_management | 8.1 |
| ca | anti-virus_gateway | 7.1 |
| broadcom | network_and_systems_management | r11 |
| ca | anti-virus_for_the_enterprise | r8.1 |
| ca | internet_security_suite_plus_2009 | * |
| ca | anti-virus | 2009 |
| broadcom | anti-virus | 2008 |
| broadcom | etrust_antivirus | 8.1 |
| ca | arcserve_for_windows_server_component | * |
| ca | gateway_security | r8.1 |
| ca | etrust_anti-virus_sdk | * |
| ca | etrust_anti-virus_gateway | 7.1 |
| broadcom | unicenter_network_and_systems_management | 11.1 |
| broadcom | unicenter_network_and_systems_management | 11 |
| ca | protection_suites | r2 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | network_and_systems_management | r3.0 |
| ca | arcserve_backup | r11.1 |
| broadcom | common_services | 11 |
| broadcom | anti-virus_for_the_enterprise | 7.1 |
| ca | threat_manager_total_defense | * |
| broadcom | secure_content_manager | 8.0 |
| ca | etrust_intrusion_detection | 2.0 |
| ca | internet_security_suite_2008 | * |
| ca | protection_suites | r3.1 |
| broadcom | anti-virus | 2007 |
| broadcom | network_and_systems_management | r11.1 |
| ca | internet_security_suite_plus_2008 | * |
| ca | etrust_ez_antivirus | r7.1 |
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth_performance_manager | 6.1 |
| ca | ehealth_performance_manager | 6.2 |
| ca | ehealth_performance_manager | 6.0 |
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | xosoft_high_availability | r12.5 |
| ca | xosoft_content_distribution | r12.0 |
| ca | xosoft_replication | r12.0 |
| ca | xosoft_content_distribution | r12.5 |
| ca | xosoft_replication | r12.5 |
| ca | xosoft_high_availability | r12.0 |
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | xosoft_high_availability | r12.5 |
| ca | xosoft_content_distribution | r12.5 |
| ca | xosoft_replication | r12.5 |
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | xosoft_high_availability | r12.5 |
| ca | xosoft_content_distribution | r12.0 |
| ca | xosoft_replication | r12.0 |
| ca | xosoft_content_distribution | r12.5 |
| ca | xosoft_replication | r12.5 |
| ca | xosoft_high_availability | r12.0 |
Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | psformx_active_x_control | 56393399-041a-4650-94c7-13dfcb1f4665 |
| ca | webscan_active_x_control | 7b297bfd-85e4-4092-b2af-16a91b2ea103 |
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | xosoft_high_availability | r12.5 |
| ca | xosoft_content_distribution | r12.0 |
| ca | xosoft_replication | r12.0 |
| ca | arcserve_replication_and_high_availability | r15.0 |
| ca | xosoft_content_distribution | r12.5 |
| ca | xosoft_replication | r12.5 |
| ca | xosoft_high_availability | r12.0 |
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | internet_security_suite_plus_2010 | * |
Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | internet_security_suite_2010 | 6.0.0.272 |
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | gateway_security | 8.1 |
| ca | etrust_secure_content_manager | 8.0 |
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | internet_security_suite_2010 | * |
| ca | internet_security_suite_2011 | * |
| ca | host-based_intrusion_prevention_system | 8.1 |
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | siteminder | 6 |
| broadcom | siteminder | 12.0 |
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcot_webfort_versatile_authentication_server | * |
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcot_webfort_versatile_authentication_server | * |
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth | 6.2.2 |
| ca | ehealth | 6.1 |
| ca | ehealth | 6.1.1 |
| ca | ehealth | 6.2.1 |
| ca | ehealth | 6.0 |
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | gateway_security | 8.1 |
| broadcom | total_defense | r12 |
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcserve_d2d | r15 |
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | siteminder | * |
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | etrust_vet_antivirus | 36.1.8511 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| aladdin | esafe | 7.0.17.0 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mcafee | gateway | 2010.1c |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| aladdin | esafe | 7.0.17.0 |
| mcafee | scan_engine | 5.400.0.1158 |
| sophos | sophos_anti-virus | 4.61.0 |
| ca | etrust_vet_antivirus | 36.1.8511 |
| pc_tools | pc_tools_antivirus | 7.0.3.5 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| cat | quick_heal | 11.00 |
| antiy | avl_sdk | 2.0.3.7 |
| symantec | endpoint_protection | 11.0 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| rising-global | rising_antivirus | 22.83.00.03 |
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | security_essentials | 2.0 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| mcafee | gateway | 2010.1c |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| drweb | dr.web_antivirus | 5.0.2.03300 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| sophos | sophos_anti-virus | 4.61.0 |
| ca | etrust_vet_antivirus | 36.1.8511 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| trendmicro | housecall | 9.120.0.1004 |
| antiy | avl_sdk | 2.0.3.7 |
| emsisoft | anti-malware | 5.1.0.1 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| rising-global | rising_antivirus | 22.83.00.03 |
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | xcom_data_transport | r11.5 |
| ca | xcom_data_transport | r11.0 |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | identityminder | * |
| ca | identityminder | r12.6 |
| ca | identityminder | r12.5 |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | identityminder | * |
| ca | identityminder | r12.6 |
| ca | identityminder | r12.5 |
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | siteminder | 12.5 |
| broadcom | siteminder | 12.51 |
| broadcom | siteminder | 12.0 |
| ca | web_agents | 6.0 |
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | erwin_web_portal | 9.5 |
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | cloud_service_management | * |
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | cloud_service_management | * |
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | cloud_service_management | * |
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | cloud_service_management | * |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | client_automation | r12.9 |
| ca | nsm_job_management_option | r11.1 |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
| ca | universal_job_management_agent | - |
| ca | workload_automation_ae | r11.3.5 |
| ca | nsm_job_management_option | r11.0 |
| ca | nsm_job_management_option | r11.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.6 |
| ca | workload_automation_ae | r11 |
| ca | virtual_assurance_for_infrastructure_managers | 12.7 |
| ca | workload_automation_ae | r11.3.6 |
| ca | client_automation | r12.8 |
| ca | workload_automation_ae | r11.3 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| ca | network_and_systems_management | r11.2 |
| broadcom | network_and_systems_management | r11.1 |
| ca | client_automation | r12.5 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | client_automation | r12.9 |
| ca | nsm_job_management_option | r11.1 |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
| ca | universal_job_management_agent | - |
| ca | workload_automation_ae | r11.3.5 |
| ca | nsm_job_management_option | r11.0 |
| ca | nsm_job_management_option | r11.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.6 |
| ca | workload_automation_ae | r11 |
| ca | virtual_assurance_for_infrastructure_managers | 12.7 |
| ca | workload_automation_ae | r11.3.6 |
| ca | client_automation | r12.8 |
| ca | workload_automation_ae | r11.3 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| ca | network_and_systems_management | r11.2 |
| ca | client_automation | r12.5 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | client_automation | r12.9 |
| ca | nsm_job_management_option | r11.1 |
| ca | workload_automation_ae | r11.0 |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
| ca | universal_job_management_agent | - |
| ca | workload_automation_ae | r11.3.5 |
| ca | nsm_job_management_option | r11.0 |
| ca | nsm_job_management_option | r11.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.6 |
| ca | virtual_assurance_for_infrastructure_managers | 12.7 |
| ca | workload_automation_ae | r11.3.6 |
| ca | client_automation | r12.8 |
| ca | workload_automation_ae | r11.3 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| ca | network_and_systems_management | r11.2 |
| ca | client_automation | r12.5 |
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | service_desk_manager | 12.9 |
| ca | service_desk_management | 14.1 |
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth | 6.2.2 |
| ca | ehealth | 6.2.1 |
| ca | ehealth | 6.2 |
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth | 6.2.2 |
| broadcom | ehealth | 6.3.2.08 |
| broadcom | ehealth | 6.3.2.11 |
| broadcom | ehealth | 6.3.2.12 |
| broadcom | ehealth | 6.3 |
| broadcom | ehealth | 6.3.2.09 |
| broadcom | ehealth | 6.3.2.06 |
| broadcom | ehealth | 6.3.1 |
| broadcom | ehealth | 6.3.2.05 |
| broadcom | ehealth | 6.3.2.03 |
| broadcom | ehealth | 6.3.2.01 |
| broadcom | ehealth | 6.3.2.10 |
| ca | ehealth | 6.2.1 |
| broadcom | ehealth | 6.3.2.07 |
| broadcom | ehealth | 6.3.2.04 |
| broadcom | ehealth | 6.3.2.02 |
| broadcom | ehealth | 6.3.2 |
| ca | ehealth | 6.2 |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | service_desk_manager | 12.9 |
| ca | service_desk_manager | 14.1 |
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unified_infrastructure_management | * |
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unified_infrastructure_management | * |
| ca | unified_infrastructure_management_snap | * |
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | systemedge | 5.8.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
| broadcom | ca_workload_automation_ae | 11.0 |
| broadcom | ca_workload_automation_ae | 11.3.5 |
| broadcom | client_automation | 12.8 |
| broadcom | systems_performance_for_infrastructure_managers | 12.8 |
| broadcom | ca_workload_automation_ae | 11.3 |
| broadcom | client_automation | 12.9 |
| broadcom | systemedge | 5.9 |
| broadcom | systems_performance_for_infrastructure_managers | 12.9 |
| ca | universal_job_management_agent | 11.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| broadcom | client_automation | 14.0 |
| broadcom | ca_workload_automation_ae | 11.3.6 |
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
CVSS 2.0
Severity: LOW
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | client_automation | r12.9 |
| ca | client_automation | r14.0 |
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | identity_manager_virtual_appliance | 14.1 |
| ca | identity_manager | 14.0 |
| ca | identity_manager | 12.6 |
| ca | identity_manager | 14.1 |
| ca | identity_manager_virtual_appliance | 14.0 |
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | identity_governance | 12.6.0 |
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unified_infrastructure_management | 8.5.1 |
| ca | unified_infrastructure_management | 8.5 |
| ca | unified_infrastructure_management | 8.4.7 |
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unified_infrastructure_management | 8.5.1 |
| ca | unified_infrastructure_management | 8.5 |
| ca | unified_infrastructure_management | 8.4.7 |
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unified_infrastructure_management | 8.5.1 |
| ca | unified_infrastructure_management | 8.5 |
| ca | unified_infrastructure_management | 8.4.7 |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 14.4 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | * |
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 14.4 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | * |
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 14.4 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | * |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 14.4 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | * |
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | service_desk_manager | 17.0 |
| ca | service_desk_manager | 14.1 |
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | service_desk_manager | 17.0 |
| ca | service_desk_manager | 14.1 |
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | api_developer_portal | 3.5 |
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | api_developer_portal | 3.5 |
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | api_developer_portal | 3.5 |
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | spectrum | * |
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | workload_automation_ae | r11.3.6 |
| ca | workload_automation_ae | * |
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | workload_control_center | sp1 |
| ca | workload_control_center | * |
| ca | workload_control_center | sp3 |
| ca | workload_control_center | sp4 |
| ca | workload_control_center | sp2 |
| ca | workload_control_center | sp5 |
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ca_privileged_access_manager | 2.0 |
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1021,CWE-1021,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | risk_authentication | 3.1 |
| ca | risk_authentication | * |
| ca | risk_authentication | 9.0 |
| ca | strong_authentication | 7.1 |
| ca | strong_authentication | * |
| ca | strong_authentication | 9.0 |
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | risk_authentication | 3.1 |
| ca | risk_authentication | * |
| ca | risk_authentication | 9.0 |
| ca | strong_authentication | 7.1 |
| ca | strong_authentication | * |
| ca | strong_authentication | 9.0 |
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth_performance_manager | * |
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth_performance_manager | * |
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | ehealth_performance_manager | * |