4.3

CVE-2019-7393

A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CaRisk Authentication Version >= 8.0 <= 8.2.1
CaRisk Authentication Version3.1
CaRisk Authentication Version9.0
CaStrong Authentication Version >= 8.0 <= 8.2.1
CaStrong Authentication Version7.1
CaStrong Authentication Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.32% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/May/43
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/108483
Third Party Advisory
VDB Entry
https://seclists.org/bugtraq/2019/May/66
Third Party Advisory
Mailing List
https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html
Vendor Advisory