CVE-2019-7392

Опубликовано: 26 фев. 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.

Ссылки

http://www.securityfocus.com/bid/107040
Third Party Advisory
https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html
Vendor Advisory
http://www.securityfocus.com/bid/107040
Third Party Advisory
https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01--security-notice-for-ca-privileged-access-manager.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:privileged_access_manager:*:*:*:*:*:*:*:*

Версия от 3.0.1 (включая) до 3.0.3 (включая)

cpe:2.3:a:broadcom:privileged_access_manager:*:*:*:*:*:*:*:*

Версия от 3.1.1 (включая) до 3.1.2 (включая)

cpe:2.3:a:broadcom:privileged_access_manager:*:*:*:*:*:*:*:*

Версия от 3.2.0 (включая) до 3.2.1 (включая)

EPSS

Процентиль: 63%

0.00449

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-w7h6-3jpg-mpq7

CVSS3: 9.1

github

больше 3 лет назад

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.

EPSS

Процентиль: 63%

0.00449

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287