cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38499,https://securityvulnerability.io/vulnerability/CVE-2024-38499,Exploiting Encryption Oversights in CA Client Automation,"CVE-2024-38499 is a significant vulnerability in CA Client Automation (ITCM) that exposes non-admin/non-root users to the ability to perform encryption operations via the CAF CLI and SD_ACMD CLI. This flaw permits these less privileged users to access critical encryption keys, leading to potential exploitation of stored credentials. The identified risk necessitates immediate attention, as unauthorized access to sensitive information could have severe ramifications. To mitigate this vulnerability, a fix has been implemented to restrict the execution of the 'caf encrypt' and 'sd_acmd encrypt' commands solely to admin or root users.",Broadcom,Ca Client Automation (itcm),,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T05:43:00.369Z,0
CVE-2022-33756,https://securityvulnerability.io/vulnerability/CVE-2022-33756,Entropy Weakness in CA Automic Automation Engine Leading to Potential Data Exposure,"CA Automic Automation versions 12.2 and 12.3 are affected by an entropy weakness in the Automic Automation Engine. This vulnerability could potentially allow a remote attacker to exploit the weakness to gain unauthorized access to sensitive data, posing a significant risk to users relying on this automation solution. Organizations utilizing these versions should take immediate action to mitigate potential risks and protect their data integrity.",Broadcom,Ca Automic Automation,7.5,HIGH,0.002400000113993883,false,,false,false,false,,,false,false,,2022-06-16T21:23:58.000Z,0
CVE-2022-33755,https://securityvulnerability.io/vulnerability/CVE-2022-33755,Insecure Input Handling in CA Automic Automation by Broadcom,"CA Automic Automation versions 12.2 and 12.3 are susceptible to vulnerabilities due to insecure input handling in the Automic Agent. This flaw may enable remote attackers to potentially enumerate user accounts, leading to unauthorized access and information disclosure risks. Organizations utilizing these versions are advised to assess their systems and apply necessary security measures.",Broadcom,Ca Automic Automation,5.3,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-06-16T21:23:47.000Z,0
CVE-2022-33754,https://securityvulnerability.io/vulnerability/CVE-2022-33754,Insufficient Input Validation in CA Automic Automation by Broadcom,"CA Automic Automation versions 12.2 and 12.3 have a vulnerability related to insufficient input validation in the Automic agent. This flaw could potentially enable remote attackers to execute arbitrary code, posing significant security risks for affected installations. Organizations using these versions should prioritize assessing their systems and implementing patches to mitigate potential threats.",Broadcom,Ca Automic Automation,9.8,CRITICAL,0.006380000151693821,false,,false,false,false,,,false,false,,2022-06-16T21:23:34.000Z,0
CVE-2022-33753,https://securityvulnerability.io/vulnerability/CVE-2022-33753,Insecure File Creation and Handling in CA Automic Automation by Broadcom,"The CA Automic Automation versions 12.2 and 12.3 are affected by an insecure file creation and handling vulnerability in the Automic agent. This flaw could enable an attacker with user privileges to elevate their access rights, potentially leading to unauthorized actions. Proper file handling and secure coding practices should be implemented to mitigate this risk effectively.",Broadcom,Ca Automic Automation,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-06-16T21:21:27.000Z,0
CVE-2022-33752,https://securityvulnerability.io/vulnerability/CVE-2022-33752,Insufficient Input Validation in CA Automic Automation by Broadcom,"CA Automic Automation versions 12.2 and 12.3 are affected by an insufficient input validation vulnerability within the Automic agent. This flaw could be exploited by a remote attacker, potentially allowing them to execute arbitrary code, thereby compromising the affected systems and posing significant security risks.",Broadcom,Ca Automic Automation,9.8,CRITICAL,0.006380000151693821,false,,false,false,false,,,false,false,,2022-06-16T21:21:17.000Z,0
CVE-2022-33751,https://securityvulnerability.io/vulnerability/CVE-2022-33751,Insecure Memory Handling in CA Automic Automation by Broadcom,"CA Automic Automation versions 12.2 and 12.3 have a vulnerability related to improper memory management in the Automic agent. This flaw enables remote attackers to potentially gain access to sensitive information stored in memory, posing a serious risk to data security. Organizations using affected versions should implement security measures to mitigate unauthorized data access risks.",Broadcom,Ca Automic Automation,7.5,HIGH,0.002400000113993883,false,,false,false,false,,,false,false,,2022-06-16T21:21:04.000Z,0
CVE-2022-33750,https://securityvulnerability.io/vulnerability/CVE-2022-33750,Authentication Error Vulnerability in CA Automic Automation by Broadcom,"The CA Automic Automation products versions 12.2 and 12.3 contain a vulnerability in the Automic agent that allows an unauthenticated remote attacker to exploit an authentication error. This flaw could potentially allow the attacker to execute arbitrary commands on the affected system, leading to a compromise of confidentiality and integrity. Organizations using these versions should apply appropriate security measures to mitigate the risk of exploitation.",Broadcom,Ca Automic Automation,9.8,CRITICAL,0.008440000005066395,false,,false,false,false,,,false,false,,2022-06-16T21:20:55.000Z,0
CVE-2019-19544,https://securityvulnerability.io/vulnerability/CVE-2019-19544,Privilege Escalation Vulnerability in CA Automic Dollar Universe by CA Technologies,"The vulnerability in CA Automic Dollar Universe 5.3.3 arises from the uxdqmsrv binary being setuid root, which enables local attackers to potentially gain elevated privileges. This issue was identified a considerable time after the product's End of Life status on April 1, 2015, highlighting concerns over legacy software security. The possibility of exploiting this flaw poses serious risks to systems still running affected versions.",Broadcom,Ca Automic Dollar Universe,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-01-08T16:03:13.000Z,0
CVE-2019-19518,https://securityvulnerability.io/vulnerability/CVE-2019-19518,Authentication Bypass Vulnerability in CA Automic Sysload by Broadcom,"CA Automic Sysload versions 5.6.0 through 6.1.2 are vulnerable due to insufficient authentication controls on the File Server port. This flaw could be exploited by remote attackers to execute arbitrary commands, potentially compromising sensitive data and system integrity. Security measures should be implemented to ensure that adequate authentication processes are in place to mitigate the risk associated with this vulnerability.",Broadcom,Ca Automic Sysload,9.8,CRITICAL,0.008779999800026417,false,,false,false,false,,,false,false,,2020-01-08T15:57:21.000Z,0
CVE-2019-19231,https://securityvulnerability.io/vulnerability/CVE-2019-19231,Insecure File Access in CA Client Automation for Windows,"An insecure file access vulnerability in the CA Client Automation Agent for Windows could allow local attackers to gain escalated privileges. This issue affects multiple versions of the agent, potentially exposing sensitive information and granting unauthorized control over system resources. It is crucial for users of CA Client Automation to implement proper security measures to mitigate this risk and safeguard their systems. For detailed insights and remediation steps, refer to the official security notices provided by Broadcom.","Ca Technologies, Broadcom Company",Ca Client Automation,7.3,HIGH,0.0004199999966658652,false,,false,false,true,2019-12-21T09:23:51.000Z,true,false,false,,2019-12-20T21:08:06.000Z,0
CVE-2019-19230,https://securityvulnerability.io/vulnerability/CVE-2019-19230,Unsafe Deserialization Vulnerability in CA Release Automation by Broadcom,"An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6, specifically within the DataManagement component. This flaw can be exploited by malicious actors to execute arbitrary code remotely, potentially allowing them to manipulate the system or access sensitive data without proper authorization. Organizations using this product should take immediate action to mitigate the risks associated with this vulnerability.","Ca Technologies, A Broadcom Company",Ca Release Automation,9.8,CRITICAL,0.034869998693466187,false,,false,false,false,,,false,false,,2019-12-09T00:00:00.000Z,0
CVE-2019-6504,https://securityvulnerability.io/vulnerability/CVE-2019-6504,,"Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.",Ca Technologies - A Broadcom Company,Ca Automic Workload Automation,6.1,MEDIUM,0.009519999846816063,false,,false,false,false,,,false,false,,2019-01-24T00:00:00.000Z,0
CVE-2016-9795,https://securityvulnerability.io/vulnerability/CVE-2016-9795,,"The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.",Broadcom,"Ca Workload Automation Ae,Client Automation,Systemedge,Systems Performance For Infrastructure Managers,Universal Job Management Agent,Virtual Assurance For Infrastructure Managers",7.8,HIGH,0.0004199999966658652,false,,false,false,true,2020-12-29T21:07:09.000Z,true,false,false,,2017-01-27T22:01:00.000Z,0