CVE-2020-28421

Опубликовано: 23 нояб. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.

Ссылки

http://seclists.org/fulldisclosure/2020/Nov/41
Mailing List
Third Party Advisory
https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Nov/41
Mailing List
Third Party Advisory
https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:broadcom:unified_infrastructure_management:*:*:*:*:*:*:*:*

Версия до 20.1 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00051

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8g5p-g58h-hr3v

github

больше 3 лет назад