CVE-2017-9393

EPSS 0.42%
Published 22.09.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source vuln@ca.com
Teams watchlist Login
Open Login

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ca ≫ Identity Manager Version12.6 Updatega

Ca ≫ Identity Manager Version12.6 Updatesp1

Ca ≫ Identity Manager Version12.6 Updatesp2

Ca ≫ Identity Manager Version12.6 Updatesp3

Ca ≫ Identity Manager Version12.6 Updatesp4

Ca ≫ Identity Manager Version12.6 Updatesp5

Ca ≫ Identity Manager Version12.6 Updatesp6

Ca ≫ Identity Manager Version12.6 Updatesp7

Ca ≫ Identity Manager Version12.6 Updatesp8

Ca ≫ Identity Manager Version14.0

Ca ≫ Identity Manager Version14.1

Ca ≫ Identity Manager Virtual Appliance Version14.0

Ca ≫ Identity Manager Virtual Appliance Version14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/100956

Third Party Advisory

VDB Entry

https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9393

EUVD