A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
[
{
"product": "CA Strong Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
},
{
"product": "CA Risk Authentication",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "9.0.x"
},
{
"status": "affected",
"version": "8.2.x"
},
{
"status": "affected",
"version": "8.1.x"
},
{
"status": "affected",
"version": "8.0.x"
},
{
"status": "affected",
"version": "3.1.x"
}
]
}
]
packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html
seclists.org/fulldisclosure/2019/May/43
www.securityfocus.com/bid/108483
seclists.org/bugtraq/2019/May/66
support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html