Broadcom Privileged Access Manager vulnerabilities

10 known vulnerabilities affecting broadcom/privileged_access_manager.

Total CVEs: 10
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2019-7392 | CRITICAL | CVSS 9.1 | ≥ 3.0.1, ≤ 3.0.3; ≥ 3.1.1, ≤ 3.1.2; +1 more | 2019-02-26
CWE-287. An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
Source: NVD

CVE-2018-9022 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.8.2 | 2018-06-18
CWE-269. An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Source: NVD

CVE-2015-4664 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.4.4.4 | 2018-06-18
CWE-20. An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Source: NVD

CVE-2018-9021 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.8.2 | 2018-06-18
CWE-269. An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
Source: NVD

CVE-2018-9029 | CRITICAL | CVSS 9.8 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-89. An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Source: NVD

CVE-2018-9025 | HIGH | CVSS 7.5 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-20. An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
Source: NVD

CVE-2018-9023 | HIGH | CVSS 8.8 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-20. An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Source: NVD

CVE-2018-9026 | HIGH | CVSS 7.5 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-384. A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Source: NVD

CVE-2018-9028 | HIGH | CVSS 7.5 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-326. Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Source: NVD

CVE-2018-9024 | MEDIUM | CVSS 5.3 | ≥ 2.0.0, < 3.0.0 | 2018-06-18
CWE-287. An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
Source: NVD