Filtered by vendor Ca
Subscriptions
Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-09-17 | N/A |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | ||||
| CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-09-17 | N/A |
| Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | ||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2024-09-17 | N/A |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | ||||
| CVE-2009-4149 | 1 Ca | 1 Service Desk | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||
| CVE-2010-5156 | 2 Ca, Microsoft | 2 Internet Security Suite 2010, Windows Xp | 2024-09-17 | N/A |
| Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
| CVE-2017-9393 | 1 Ca | 2 Identity Manager, Identity Manager Virtual Appliance | 2024-09-17 | N/A |
| CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | ||||
| CVE-2017-9394 | 1 Ca | 1 Identity Governance | 2024-09-17 | N/A |
| A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | ||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-09-17 | N/A |
| Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | ||||
| CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2024-09-17 | N/A |
| CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2010-4502 | 1 Ca | 1 Internet Security Suite Plus 2010 | 2024-09-17 | N/A |
| Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow. | ||||
| CVE-2019-7394 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-09-17 | 8.8 High |
| A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. | ||||
| CVE-2018-6587 | 1 Ca | 1 Api Developer Portal | 2024-09-17 | 6.1 Medium |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | ||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-09-17 | N/A |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | ||||
| CVE-2012-5973 | 1 Ca | 1 Xcom Data Transport | 2024-09-16 | N/A |
| CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2018-13821 | 1 Ca | 1 Unified Infrastructure Management | 2024-09-16 | N/A |
| A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. | ||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-09-16 | 7.5 High |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | ||||
| CVE-2011-4054 | 1 Ca | 1 Siteminder | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. | ||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2024-09-16 | N/A |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | ||||
| CVE-2012-6299 | 1 Ca | 1 Identityminder | 2024-09-16 | N/A |
| Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-09-16 | 4.3 Medium |
| A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | ||||