5 matches found
CVE-2016-9165
The CVE-2016-9165 issue affects CA Unified Infrastructure Management (UIM) and CA UIM Snap prior to version 8.5, via the get_sessions servlet. The vulnerability allows remote, unauthenticated attackers to obtain active session IDs, which can be used to hijack sessions and bypass authentication or...
CVE-2016-9164
CA Unified Infrastructure Management (UIM) diag.jsp contains a directory traversal vulnerability (CVE-2016-9164) that allows remote, unauthenticated attackers to read arbitrary files. Affected products include UIM 8.4 SP1 and earlier (and CA UIM Snap), with disclosures indicating the issue exists...
CVE-2018-13819
CA Unified Infrastructure Management (UIM) versions 8.5.1, 8.5, and 8.4.7 contain a hardcoded secret key that could allow an attacker to access sensitive information. This CVE (CVE-2018-13819) is corroborated by the NVD entry and the CA/Tenable advisories, which also reference additional vulnerab...
CVE-2018-13821
CA Unified Infrastructure Management (UIM) versions 8.5.1, 8.5, and 8.4.7 are affected by CVE-2018-13821 due to a lack of authentication. This allows remote attackers to perform a range of actions, including reading and writing files. The vulnerability is documented in multiple sources (NVD entry...
CVE-2018-13820
CVE-2018-13820 affects CA Unified Infrastructure Management (UIM) versions 8.5.1, 8.5, and 8.4.7 due to a hardcoded passphrase, which could allow an attacker to access sensitive information. The vulnerability is described across multiple sources (NVD/NVD-derived, CNVD, CNVD-related listings), wit...