CVE-2016-9795 — Improper Input Validation in CA Workload Automation AE

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 78.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom CA Workload Automation AE Broadcom Client Automation Broadcom Systemedge +3 more

Timeline

PublishedJan 27

Latest updateMay 13

Description

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficie…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDbroadcom/client_automation12.8, 12.9, 14.0+2

▶NVDca/universal_job_management_agent11.2

▶NVDbroadcom/ca_workload_automation_ae4 versions+3

▶NVDca/virtual_assurance12.8, 12.9+1

▶NVDbroadcom/systems_performance12.8, 12.9+1

🔴Vulnerability Details

GHSA

GHSA-9cjv-vp2f-72cv: The casrvc program in CA Common Services, as used in CA Client Automation 12↗2022-05-13

▶

CVEList

CVE-2016-9795: The casrvc program in CA Common Services, as used in CA Client Automation 12↗2017-01-27

▶

📋Vendor Advisories

Microsoft

The casrvc program in CA Common Services as used in CA Client Automation 12.8 12.9 and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal↗2017-01-10

▶