CVE-2017-8391Incorrect Permission Assignment in Client Automation

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 85.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
CA Client Automation
Timeline
PublishedMay 6
Latest updateMay 13

Description

The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDca/client_automationr12.9, r14.0+1

🔴Vulnerability Details

2
GHSA
GHSA-9f96-96vq-hqj3: The OS Installation Management component in CA Client Automation r122022-05-13
CVEList
CVE-2017-8391: The OS Installation Management component in CA Client Automation r122017-05-06
CVE-2017-8391 — Incorrect Permission Assignment | cvebase