PT-2016-7676 · Ca · Ca Unified Infrastructure Management

Rgod

Publicado

2016-11-09

Atualizado

2017-03-23

CVE-2016-9165

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CA Unified Infrastructure Management versions prior to 8.5 CA Unified Infrastructure Management Snap versions prior to 8.5

Description The issue allows remote attackers to obtain active session ids, which can be used to bypass authentication or gain privileges.

Recommendations For CA Unified Infrastructure Management versions prior to 8.5, update to version 8.5 or later. For CA Unified Infrastructure Management Snap versions prior to 8.5, update to version 8.5 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-9165

ZDI-16-606

Produtos afetados

Ca Unified Infrastructure Management

PT-2016-7676 · Ca · Ca Unified Infrastructure Management

CVE-2016-9165

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6