10 matches found
CVE-2015-4664
CVE-2015-4664 affects CA Privileged Access Manager (PAM) 2.4.4.4 and earlier. The vulnerability is an improper input validation that enables an unauthenticated attacker to perform command injection through the login interface, potentially executing arbitrary commands. The OpenVAS/Modzero/OpenVAS ...
CVE-2018-9021
CA Privileged Access Manager (Broadcom) vulnerability CVE-2018-9021: an authentication bypass allows remote attackers to execute arbitrary commands in 2.8.2 and earlier. Public material shows a remote command execution vector via crafted requests to the /ajax_cmd.php endpoint (importID payload) e...
CVE-2018-9022
CVE-2018-9022 affects Broadcom CA Privileged Access Manager up to version 2.8.2 and earlier. The vulnerability is an authentication bypass that allows a remote attacker to execute arbitrary code or commands by poisoning a configuration file. Public references document this as a remote command exe...
CVE-2018-9023
CA Privileged Access Manager 2.x contains an input validation vulnerability that allows unprivileged users to execute arbitrary commands by passing specially crafted parameters to the update_crld script. Affected component is CA Privileged Access Manager 2.x (update_crld script). Underlying cause...
CVE-2018-9025
The CVE-2018-9025 entry concerns CA Privileged Access Manager 2.x with a log poisoning flaw caused by faulty input validation. A remote attacker can poison log files by sending specially crafted input. Documented details from multiple sources confirm: (1) affected product is CA Privileged Access ...
CVE-2018-9024
CVE-2018-9024 concerns CA Privileged Access Manager 2.x where an improper authentication flaw allows an attacker to spoof IP addresses in a log file. The CNVD entry attributes the issue to the program failing to perform authentication properly, enabling IP impersonation. Other connected documents...
CVE-2018-9026
CA Privileged Access Manager 2.x is affected by CVE-2018-9026, a session fixation vulnerability that could allow remote attackers to hijack user sessions via a specially crafted request. The CNVD/NVD entries confirm the affected product version (2.x) and the vulnerability class but do not provide...
CVE-2018-9028
CA Privileged Access Manager 2.x has weak password encryption that reduces password-cracking complexity, as described for CVE-2018-9028. The connected CNVD/NVD entries corroborate a weak encryption vulnerability in this product line. No specific exploit details, affected versions beyond 2.x, or r...
CVE-2018-9029
CA Privileged Access Manager 2.x contains an improper input validation vulnerability that allows remote attackers to perform SQL injection. The issue stems from input validation weaknesses in the affected component, enabling manipulation of database queries and potential unauthorized data access ...
CVE-2019-7392
The CVE-2019-7392 entry concerns an improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI (jk-manager, jk-status). Affected component: Web-UI authentication mechanism; root cause: improper/authentication weakness allowing remote access. Impact statements in sources indi...