CVE-2017-9393

EPSS 0.42%
Veröffentlicht 22.09.2017 14:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle vuln@ca.com
Teams Watchlist Login
Unerledigt Login

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ca ≫ Identity Manager Version12.6 Updatega

Ca ≫ Identity Manager Version12.6 Updatesp1

Ca ≫ Identity Manager Version12.6 Updatesp2

Ca ≫ Identity Manager Version12.6 Updatesp3

Ca ≫ Identity Manager Version12.6 Updatesp4

Ca ≫ Identity Manager Version12.6 Updatesp5

Ca ≫ Identity Manager Version12.6 Updatesp6

Ca ≫ Identity Manager Version12.6 Updatesp7

Ca ≫ Identity Manager Version12.6 Updatesp8

Ca ≫ Identity Manager Version14.0

Ca ≫ Identity Manager Version14.1

Ca ≫ Identity Manager Virtual Appliance Version14.0

Ca ≫ Identity Manager Virtual Appliance Version14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/100956

Third Party Advisory

VDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9393

EUVD