CVE-2016-10086 — Service Desk Management vulnerability

CWE-2643 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.7%

top 27.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CA Service Desk Management CA Service Desk Manager

Timeline

PublishedJan 18

Latest updateMay 17

Description

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDca/service_desk_manager12.9

▶NVDca/service_desk_management14.1

Patches

Patch: www.ca.com ↗Patch: www.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-w8v9-hhxr-q4gx: RESTful web services in CA Service Desk Manager 12↗2022-05-17

▶

CVEList

CVE-2016-10086: RESTful web services in CA Service Desk Manager 12↗2017-01-18

▶