Broadcom CA Client Automation vulnerabilities
3 known vulnerabilities affecting broadcom/ca_client_automation.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2024-38499 | HIGH | CVSS 7.3 | CWE-269 | v14.5 CU7 | 2024-12-17
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non-admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
Sources: cvelistv5, nvd
CVE-2019-19231 | HIGH | CVSS 7.8 | CWE-65 | v14.0, v14.1, +2 more | 2019-12-20
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
Source: nvd
CVE-2019-13656 | CRITICAL | CVSS 9.8 | CWE-284 | v14.0 | 2019-09-06
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
Source: nvd