Lucene search
K
BroadcomPrivileged Access Manager

10 matches found

CVE
CVE
added 2018/06/18 6:0 p.m.100 views

CVE-2015-4664

CVE-2015-4664 affects CA Privileged Access Manager (PAM) 2.4.4.4 and earlier. The vulnerability is an improper input validation that enables an unauthenticated attacker to perform command injection through the login interface, potentially executing arbitrary commands. The OpenVAS/Modzero/OpenVAS ...

9.8CVSS9.6AI score0.20829EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.86 views

CVE-2018-9021

CA Privileged Access Manager (Broadcom) vulnerability CVE-2018-9021: an authentication bypass allows remote attackers to execute arbitrary commands in 2.8.2 and earlier. Public material shows a remote command execution vector via crafted requests to the /ajax_cmd.php endpoint (importID payload) e...

9.8CVSS9.9AI score0.19382EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.68 views

CVE-2018-9022

CVE-2018-9022 affects Broadcom CA Privileged Access Manager up to version 2.8.2 and earlier. The vulnerability is an authentication bypass that allows a remote attacker to execute arbitrary code or commands by poisoning a configuration file. Public references document this as a remote command exe...

9.8CVSS9.9AI score0.20391EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.50 views

CVE-2018-9023

CA Privileged Access Manager 2.x contains an input validation vulnerability that allows unprivileged users to execute arbitrary commands by passing specially crafted parameters to the update_crld script. Affected component is CA Privileged Access Manager 2.x (update_crld script). Underlying cause...

9CVSS8.9AI score0.01909EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.43 views

CVE-2018-9025

The CVE-2018-9025 entry concerns CA Privileged Access Manager 2.x with a log poisoning flaw caused by faulty input validation. A remote attacker can poison log files by sending specially crafted input. Documented details from multiple sources confirm: (1) affected product is CA Privileged Access ...

7.5CVSS7.5AI score0.01408EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.42 views

CVE-2018-9024

CVE-2018-9024 concerns CA Privileged Access Manager 2.x where an improper authentication flaw allows an attacker to spoof IP addresses in a log file. The CNVD entry attributes the issue to the program failing to perform authentication properly, enabling IP impersonation. Other connected documents...

5.3CVSS5.3AI score0.01125EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.40 views

CVE-2018-9026

CA Privileged Access Manager 2.x is affected by CVE-2018-9026, a session fixation vulnerability that could allow remote attackers to hijack user sessions via a specially crafted request. The CNVD/NVD entries confirm the affected product version (2.x) and the vulnerability class but do not provide...

7.5CVSS7.4AI score0.01334EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.40 views

CVE-2018-9028

CA Privileged Access Manager 2.x has weak password encryption that reduces password-cracking complexity, as described for CVE-2018-9028. The connected CNVD/NVD entries corroborate a weak encryption vulnerability in this product line. No specific exploit details, affected versions beyond 2.x, or r...

7.5CVSS7.6AI score0.00908EPSS
CVE
CVE
added 2018/06/18 6:0 p.m.40 views

CVE-2018-9029

CA Privileged Access Manager 2.x contains an improper input validation vulnerability that allows remote attackers to perform SQL injection. The issue stems from input validation weaknesses in the affected component, enabling manipulation of database queries and potential unauthorized data access ...

9.8CVSS9.7AI score0.01753EPSS
CVE
CVE
added 2019/02/26 6:0 p.m.40 views

CVE-2019-7392

The CVE-2019-7392 entry concerns an improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI (jk-manager, jk-status). Affected component: Web-UI authentication mechanism; root cause: improper/authentication weakness allowing remote access. Impact statements in sources indi...

9.1CVSS9.2AI score0.01721EPSS