Lucene search

[email protected]CVE-2020-8011

HistoryFeb 18, 2020 - 4:15 a.m.

CVE-2020-8011

2020-02-1804:15:14

CWE-476

[email protected]

web.nvd.nist.gov

ca unified infrastructure management

nimsoft

uim

cve-2020-8011

null pointer

vulnerability

remote attacker

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

Affected configurations

NVD

Node

broadcomunified_infrastructure_managementRange≤9.20

broadcomunified_infrastructure_managementRange20.3.0–20.4.0

broadcomunified_infrastructure_managementMatch20.1

CPENameOperatorVersion
broadcom:unified_infrastructure_managementbroadcom unified infrastructure managementle9.20
broadcom:unified_infrastructure_managementbroadcom unified infrastructure managementlt20.4.0
broadcom:unified_infrastructure_managementbroadcom unified infrastructure managementeq20.1

CPE	Name	Operator	Version
broadcom:unified_infrastructure_management	broadcom unified infrastructure management	le	9.20
broadcom:unified_infrastructure_management	broadcom unified infrastructure management	lt	20.4.0
broadcom:unified_infrastructure_management	broadcom unified infrastructure management	eq	20.1

CNA Affected

[
  {
    "product": "CA Unified Infrastructure Management (Nimsoft/UIM)",
    "vendor": "CA Technologies - A Broadcom Company",
    "versions": [
      {
        "status": "affected",
        "version": "9.20 and below"
      }
    ]
  }
]

References

support.broadcom.com/external/content/security-advisories/CA20200205-01-Security-Notice-for-CA-Unified-Infrastructure-Management/7832

techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2020-8011

cvelist1 prion1 nvd1