Vulnerability CVE-2015-2828

Vulnerability CVE-2015-2828

Published: 2015-04-07 Modified: 2015-04-08

Description:

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9/10	10/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
CA -> Spectrum

References:

http://packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx

http://www.securityfocus.com/archive/1/535205/100/0/threaded

http://www.securityfocus.com/bid/73957

Vulnerability CVE-2015-2828

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

CWE-264

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

9/10

10/10

8/10

Remote

Low

Single time

Complete

Complete

Complete

Affected software

References: