PT-2017-10341 · Ca · Ca Universal Job Management Agent+5
Published
2017-01-27
·
Updated
2021-11-09
·
CVE-2016-9795
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CA Client Automation versions 12.8 through 14.0
CA SystemEDGE versions 5.8.2 through 5.9
CA Systems Performance for Infrastructure Managers versions 12.8 through 12.9
CA Universal Job Management Agent version 11.2
CA Virtual Assurance for Infrastructure Managers versions 12.8 through 12.9
CA Workload Automation AE versions 11 through 11.3.6
Description
The issue allows local users to modify arbitrary files and gain root privileges due to insufficient validation in the casrvc program.
Recommendations
For CA Client Automation versions 12.8 through 14.0, update to a version that addresses the issue.
For CA SystemEDGE versions 5.8.2 through 5.9, update to a version that addresses the issue.
For CA Systems Performance for Infrastructure Managers versions 12.8 through 12.9, update to a version that addresses the issue.
For CA Universal Job Management Agent version 11.2, update to a version that addresses the issue.
For CA Virtual Assurance for Infrastructure Managers versions 12.8 through 12.9, update to a version that addresses the issue.
For CA Workload Automation AE versions 11 through 11.3.6, update to a version that addresses the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ca Client Automation
Ca Systemedge
Ca Systems Performance For Infrastructure Managers
Ca Universal Job Management Agent
Ca Virtual Assurance For Infrastructure Managers
Ca Workload Automation Ae