PT-2015-6146 · CA · CA Network/Systems Management+5

Published: 2015-06-17 · Updated: 2021-04-09 · CVE-2015-3318

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA Client Automation versions r12.5 SP01 through r12.9
CA Network and Systems Management versions r11.0 through r11.2
CA NSM Job Management Option versions r11.0 through r11.2
CA Universal Job Management Agent (affected versions not specified)
CA Virtual Assurance for Infrastructure Managers versions 12.6 through 12.9
CA Workload Automation AE versions r11 through r11.3.6

Description

The issue is related to improper validation of an unspecified variable, allowing local users to gain privileges. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations

For CA Client Automation versions r12.5 SP01 through r12.9, update to a version that properly validates user input.
For CA Network and Systems Management versions r11.0 through r11.2, restrict access to sensitive areas until a proper validation mechanism is implemented.
For CA NSM Job Management Option versions r11.0 through r11.2, consider disabling privileged operations until the issue is resolved.
For CA Universal Job Management Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For CA Virtual Assurance for Infrastructure Managers versions 12.6 through 12.9, avoid using the affected variable in local operations until the issue is fixed.
For CA Workload Automation AE versions r11 through r11.3.6, apply configuration changes to limit privilege escalation.

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-3318

Affected Products

CA Client Automation
CA NSM Job Management Option
CA Network/Systems Management
CA Universal Job Management Agent
CA Virtual Assurance for Infrastructure Managers
CA Workload Automation AE