CVE-2021-28248

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE:...

CVE-2021-28250

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...

EUVD-2010-0671

Malware in sbrugna...

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

Data Edge CA eHealth Performance Manager Elevation of Privilege Vulnerability

Data Edge CA eHealth Performance Manager is an application from Data Edge Ireland. It provides real-time and predictive performance analytics to take corrective action before business processes are negatively impacted. A security vulnerability exists in Data Edge CA eHealth Performance Manager...

Data Edge CA eHealth Performance Manager Cross-Site Scripting Vulnerability

Data Edge CA eHealth Performance Manager is an application from Data Edge Ireland. It provides real-time and predictive performance analytics to take corrective action before business processes are negatively impacted. A cross-site scripting vulnerability exists in Data Edge CA eHealth Performanc...

CVE-2021-28248

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE:...

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

Privilege escalation

UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability onl...

Privilege escalation

UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The co...

CVE-2021-28248

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE:...

CVE-2021-28247

CA eHealth Performance Manager (Data Edge) versions up to 6.3.2.12 are affected by a reflected XSS due to improper sanitization. The vulnerability allows an authenticated remote user to inject scripts via endpoints cgi/nhWeb with report, aviewbin/filtermibobjects.pl with namefilter, and aviewbin/...

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

CVE-2021-28246

CVE-2021-28246 affects CA eHealth Performance Manager up to version 6.3.2.12. The issue is a privilege-escalation defect where a regular user can place a malicious library in the writable RPATH, which is dynamically linked when the emtgtctl2 executable runs, causing the library code to execute wi...

CVE-2021-28246

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...

PT-2021-17831 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions through 6.3.2.12 Description: The issue is related to Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user can create a malicious library in the writable RPATH, which will...

PT-2021-17835 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue is related to Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code wi...

PT-2021-17834 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue allows for privilege escalation via a dynamically linked shared object library. To exploit this, the ehealth user must create a malicious library in the...

PT-2021-17833 · Ca · Ca Ehealth Performance Manager

Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions 6.3.2.12 and earlier Description: The issue is related to improper restriction of excessive authentication attempts. An attacker can perform an arbitrary number of authentication attempts using differen...