Privileged Access Manager Security Vulnerabilities
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
9.8CVSS
9.6AI Score
0.01EPSS
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
9.8CVSS
9.9AI Score
0.008EPSS
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
9.8CVSS
9.9AI Score
0.093EPSS
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
8.8CVSS
8.9AI Score
0.001EPSS
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
5.3CVSS
5.3AI Score
0.001EPSS
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
7.5CVSS
7.5AI Score
0.001EPSS
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
7.5CVSS
7.4AI Score
0.001EPSS
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
7.5CVSS
7.6AI Score
0.001EPSS
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
9.8CVSS
9.7AI Score
0.001EPSS
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
9.1CVSS
9.2AI Score
0.006EPSS