CVE-2015-3318Improper Input Validation in Client Automation

CWE-20Improper Input Validation3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 81.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
CA Client AutomationCA Network AND Systems ManagementCA NSM JOB Management Option+2 more
Timeline
PublishedJun 17
Latest updateMay 13

Description

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unkn

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages5 packages

NVDca/nsm_job_management_optionr11.0, r11.1, r11.2+2
NVDca/client_automationr12.5, r12.8, r12.9+2
NVDca/workload_automation_ae4 versions+3
NVDca/virtual_assurance4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-59xc-wp9m-f2jq: CA Common Services, as used in CA Client Automation r122022-05-13
CVEList
CVE-2015-3318: CA Common Services, as used in CA Client Automation r122015-06-17
CVE-2015-3318 — Improper Input Validation | cvebase