PT-2016-7676 · Ca · Ca Unified Infrastructure Management

Rgod

Published

2016-11-09

Updated

2017-03-23

CVE-2016-9165

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CA Unified Infrastructure Management versions prior to 8.5 CA Unified Infrastructure Management Snap versions prior to 8.5

Description The issue allows remote attackers to obtain active session ids, which can be used to bypass authentication or gain privileges.

Recommendations For CA Unified Infrastructure Management versions prior to 8.5, update to version 8.5 or later. For CA Unified Infrastructure Management Snap versions prior to 8.5, update to version 8.5 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-9165

ZDI-16-606

Affected Products

Ca Unified Infrastructure Management

PT-2016-7676 · Ca · Ca Unified Infrastructure Management

CVE-2016-9165

Weakness Enumeration

Related Identifiers

Affected Products

References · 6