
KLA10537 Multiple vulnerabilities in CA Spectrum

2015-04-07 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 9 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score: 7 High (Confidence: Low)

EPSS: 0.003 Low (Percentile: 68.0%)

Multiple serious vulnerabilities have been found in CA Spectrum. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper data serialization can be exploited remotely via a specially crafted Java object;
  2. An XSS vulnerability can be exploited remotely via unknown vectors.

Original advisories

CA security notice

Related products

CA-Spectrum

CVE list

CVE-2015-2828 critical

CVE-2015-2827 warning

Solution

Update to the latest version

Get Support

Impacts

  • CI: Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • CA Spectrum 9.2 all versions
  • CA Spectrum 9.3 versions earlier than 9.3 H02
