CVE-2020-8011

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

7.5HIGH

EPSS

1.2%

top 20.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Unified Infrastructure Management CA Technologies - A Broadcom Company CA Unified Infrastructure Management (nimsoft/uim)

Timeline

PublishedFeb 18

Latest updateMay 24

Description

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ca_technologies_-_a_broadcom_company/ca_unified_infrastructure_management_(nimsoft/uim)9.20 and below

▶NVDbroadcom/unified_infrastructure_management20.3.0 — 20.4.0+2

🔴Vulnerability Details

GHSA

GHSA-g3w4-c7gj-jc69: CA Unified Infrastructure Management (Nimsoft/UIM) 9↗2022-05-24

▶

CVEList

CVE-2020-8011: CA Unified Infrastructure Management (Nimsoft/UIM) 20↗2020-02-18

▶