Lucene search

PRIOn knowledge basePRION:CVE-2009-0043

HistoryJan 08, 2009 - 7:30 p.m.

Design/Logic Flaw

2009-01-0819:30:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.1%

JSON

The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.

CPENameOperatorVersion
service_level_managementeq3.5
service_metric_analysiseq11.1.114
service_metric_analysiseq11.0.114
service_metric_analysiseqr11.1 sp1

Name	Operator	Version
service_level_management	eq	3.5
service_metric_analysis	eq	11.1.114
service_metric_analysis	eq	11.0.114
service_metric_analysis	eq	r11.1 sp1

References

community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx

securityreason.com/securityalert/4887

www.securityfocus.com/archive/1/499857/100/0/threaded

www.securityfocus.com/bid/33161

www.vupen.com/english/advisories/2009/0053

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.056 Low

EPSS

Percentile

93.1%

JSON

Related for PRION:CVE-2009-0043