CVE-2021-28247
- EPSS 0.15%
- Veröffentlicht 26.03.2021 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:59:23
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Re...
CVE-2021-28249
- EPSS 0.05%
- Veröffentlicht 26.03.2021 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:59:24
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamicall...
CVE-2021-28250
- EPSS 0.05%
- Veröffentlicht 26.03.2021 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:59:24
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE:...
CVE-2010-0640
- EPSS 0.25%
- Veröffentlicht 24.02.2010 18:30:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.