CVE-2016-9164

Related Files

CA Unified Infrastructure Management Bypass / Traversal / Disclosure

Posted Nov 10, 2016

Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.

tags | advisory, remote, vulnerability, info disclosure

advisories | CVE-2016-5803, CVE-2016-9164, CVE-2016-9165

SHA-256 | 401bc9e25b7ad17f38793debbf4334be9ee3ec63ae80d59175c80f5dfab7a0f5

Download | Favorite | View