7.8

CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Data provided by the National Vulnerability Database (NVD)
Broadcom Ca Workload Automation Ae Version 11.0
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Ca Workload Automation Ae Version 11.3
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Ca Workload Automation Ae Version 11.3.5
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Ca Workload Automation Ae Version 11.3.6
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Client Automation Version 12.8
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Client Automation Version 12.9
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Client Automation Version 14.0
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Systemedge Version 5.8.2
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Systemedge Version 5.9
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Systems Performance For Infrastructure Managers Version 12.8
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Broadcom Systems Performance For Infrastructure Managers Version 12.9
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Ca Universal Job Management Agent Version 11.2
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Ca Virtual Assurance For Infrastructure Managers Version 12.8
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
Ca Virtual Assurance For Infrastructure Managers Version 12.9
   Hp Hp-ux
   Ibm Aix
   Linux Linux Kernel
   Oracle Solaris
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.07% | 0.183
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.