Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity
9.8 CRITICAL
EPSS
13.4%
top 5.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 18
Latest update: May 13

Description

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

🔴Vulnerability Details (2)

GHSA
GHSA-4p35-q5ww-g8qx: An authentication bypass vulnerability in CA Privileged Access Manager 2 (2022-05-13)
CVEList
CVE-2018-9021: An authentication bypass vulnerability in CA Privileged Access Manager 2 (2018-06-18)

💥Exploits & PoCs (1)

Exploit-DB
Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution (2019-12-05)

📋Vendor Advisories (1)

Red Hat
php: Heap-based buffer over-read in PHAR reading functions (2018-12-06)
CVE-2018-9021 (CRITICAL CVSS 9.8) | An authentication bypass vulnerabil | cvebase.io