Vulnerability CVE-2015-3317


Published: 2015-06-17

Description:
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
CA -> Client automation 
CA -> Network and systems management 
CA -> Nsm job management option 
CA -> Universal job management agent 
CA -> Virtual assurance for infrastructure managers 
CA -> Workload automation ae 

 References:
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
http://www.securityfocus.com/bid/75033
http://www.securitytracker.com/id/1032512
http://www.securitytracker.com/id/1032513

Copyright 2024, cxsecurity.com

 

Back to Top