CVE-2016-9165

Опубликовано: 20 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/94257
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-606
Third Party Advisory
VDB Entry
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Vendor Advisory
http://www.securityfocus.com/bid/94257
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-606
Third Party Advisory
VDB Entry
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ca:unified_infrastructure_management:*:*:*:*:*:*:*:*

Версия до 8.47 (включая)

cpe:2.3:a:ca:unified_infrastructure_management_snap:*:*:*:*:*:*:*:*

Версия до 8.47 (включая)

EPSS

Процентиль: 79%

0.0124

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-wxw6-fxw9-jh7g