PT-2017-10341 · Ca · Ca Universal Job Management Agent+5
Publicado
2017-01-27
·
Atualizado
2021-11-09
·
CVE-2016-9795
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CA Client Automation versions 12.8 through 14.0
CA SystemEDGE versions 5.8.2 through 5.9
CA Systems Performance for Infrastructure Managers versions 12.8 through 12.9
CA Universal Job Management Agent version 11.2
CA Virtual Assurance for Infrastructure Managers versions 12.8 through 12.9
CA Workload Automation AE versions 11 through 11.3.6
Description
The issue allows local users to modify arbitrary files and gain root privileges due to insufficient validation in the casrvc program.
Recommendations
For CA Client Automation versions 12.8 through 14.0, update to a version that addresses the issue.
For CA SystemEDGE versions 5.8.2 through 5.9, update to a version that addresses the issue.
For CA Systems Performance for Infrastructure Managers versions 12.8 through 12.9, update to a version that addresses the issue.
For CA Universal Job Management Agent version 11.2, update to a version that addresses the issue.
For CA Virtual Assurance for Infrastructure Managers versions 12.8 through 12.9, update to a version that addresses the issue.
For CA Workload Automation AE versions 11 through 11.3.6, update to a version that addresses the issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ca Client Automation
Ca Systemedge
Ca Systems Performance For Infrastructure Managers
Ca Universal Job Management Agent
Ca Virtual Assurance For Infrastructure Managers
Ca Workload Automation Ae