CVE-2017-9393

Опубликовано: 22 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Ссылки

http://www.securityfocus.com/bid/100956
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
Vendor Advisory
http://www.securityfocus.com/bid/100956
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ca:identity_manager:12.6:ga:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp1:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp2:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp3:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp4:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp5:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp6:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp7:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:12.6:sp8:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:14.0:*:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager:14.1:*:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager_virtual_appliance:14.0:*:*:*:*:*:*:*

cpe:2.3:a:ca:identity_manager_virtual_appliance:14.1:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-h978-qhj9-9fjc