CVE-2016-9164

Опубликовано: 07 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.

Ссылки

http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Nov/55
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94257
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-607
Third Party Advisory
VDB Entry
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Vendor Advisory
http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Nov/55
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94257
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-607
Third Party Advisory
VDB Entry
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ca:unified_infrastructure_management:*:sp1:*:*:*:*:*:*

Версия до 8.4 (включая)

EPSS

Процентиль: 87%

0.03618

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3mp6-r5gq-47xq