Lucene search

[email protected]CVE-2015-3318

HistoryJun 17, 2015 - 10:59 a.m.

CVE-2015-3318

2015-06-1710:59:03

CWE-20

[email protected]

web.nvd.nist.gov

ca common services

ca client automation

ca network and systems management

cve-2015-3318

security vulnerability

6.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.

Affected configurations

NVD

Node

caclient_automationMatchr12.5sp01

caclient_automationMatchr12.8

caclient_automationMatchr12.9

canetwork_and_systems_managementMatchr11.2

cansm_job_management_optionMatchr11.0

cansm_job_management_optionMatchr11.1

cansm_job_management_optionMatchr11.2

cauniversal_job_management_agentMatch-

cavirtual_assurance_for_infrastructure_managersMatch12.6

cavirtual_assurance_for_infrastructure_managersMatch12.7

cavirtual_assurance_for_infrastructure_managersMatch12.8

cavirtual_assurance_for_infrastructure_managersMatch12.9

caworkload_automation_aeMatchr11.0

caworkload_automation_aeMatchr11.3

caworkload_automation_aeMatchr11.3.5

caworkload_automation_aeMatchr11.3.6

AND

hphp-ux

ibmaix

linuxlinux_kernel

oraclesolarisMatch-

CPENameOperatorVersion
ca:client_automationca client automationeqr12.5
ca:client_automationca client automationeqr12.8
ca:client_automationca client automationeqr12.9
ca:network_and_systems_managementca network and systems managementeqr11.2
ca:nsm_job_management_optionca nsm job management optioneqr11.0
ca:nsm_job_management_optionca nsm job management optioneqr11.1
ca:nsm_job_management_optionca nsm job management optioneqr11.2
ca:universal_job_management_agentca universal job management agenteq-
ca:virtual_assurance_for_infrastructure_managersca virtual assurance for infrastructure managerseq12.6
ca:virtual_assurance_for_infrastructure_managersca virtual assurance for infrastructure managerseq12.7

CPE	Name	Operator	Version
ca:client_automation	ca client automation	eq	r12.5
ca:client_automation	ca client automation	eq	r12.8
ca:client_automation	ca client automation	eq	r12.9
ca:network_and_systems_management	ca network and systems management	eq	r11.2
ca:nsm_job_management_option	ca nsm job management option	eq	r11.0
ca:nsm_job_management_option	ca nsm job management option	eq	r11.1
ca:nsm_job_management_option	ca nsm job management option	eq	r11.2
ca:universal_job_management_agent	ca universal job management agent	eq	-
ca:virtual_assurance_for_infrastructure_managers	ca virtual assurance for infrastructure managers	eq	12.6
ca:virtual_assurance_for_infrastructure_managers	ca virtual assurance for infrastructure managers	eq	12.7

Rows per page:

1-10 of 161

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx

www.securityfocus.com/bid/75033

www.securitytracker.com/id/1032512

www.securitytracker.com/id/1032513