CVE-2018-9021

Опубликовано: 18 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

Ссылки

http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/104496
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
Broken Link
http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/104496
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:broadcom:privileged_access_manager:*:*:*:*:*:*:*:*

Версия до 2.8.2 (включая)

EPSS

Процентиль: 95%

0.16926

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-4p35-q5ww-g8qx