2 matches found
CVE-2015-2827
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 contain a stored cross-site scripting vulnerability (CVE-2015-2827) due to insufficient validation of requests, enabling remote authenticated users to inject arbitrary web script or HTML. Affected versions should upgrade to 9.3 H02 or newer (or 9.4+).
CVE-2015-2828
CA Spectrum 9.2.x and 9.3 before 9.3 H02 are vulnerable due to insufficient validation of serialized Java objects. This allows a remote authenticated attacker to escalate to administrative privileges via crafted object data. Remediation: update to CA Spectrum 9.3 H02 or a newer release (as noted ...