Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-9022

Severity
9.8 CRITICAL
EPSS
24.9%
top 3.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 18
Latest update: May 13

Description

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-qq9f-gg6w-vgfx: An authentication bypass vulnerability in CA Privileged Access Manager 2 (2022-05-13)
CVEList
CVE-2018-9022: An authentication bypass vulnerability in CA Privileged Access Manager 2 (2018-06-18)

💥 Exploits & PoCs

1
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution (2019-12-05)