cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38499,https://securityvulnerability.io/vulnerability/CVE-2024-38499,Exploiting Encryption Oversights in CA Client Automation,"CVE-2024-38499 is a significant vulnerability in CA Client Automation (ITCM) that exposes non-admin/non-root users to the ability to perform encryption operations via the CAF CLI and SD_ACMD CLI. This flaw permits these less privileged users to access critical encryption keys, leading to potential exploitation of stored credentials. The identified risk necessitates immediate attention, as unauthorized access to sensitive information could have severe ramifications. To mitigate this vulnerability, a fix has been implemented to restrict the execution of the 'caf encrypt' and 'sd_acmd encrypt' commands solely to admin or root users.",Broadcom,Ca Client Automation (itcm),,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T05:43:00.369Z,0
CVE-2019-19231,https://securityvulnerability.io/vulnerability/CVE-2019-19231,Insecure File Access in CA Client Automation for Windows,"An insecure file access vulnerability in the CA Client Automation Agent for Windows could allow local attackers to gain escalated privileges. This issue affects multiple versions of the agent, potentially exposing sensitive information and granting unauthorized control over system resources. It is crucial for users of CA Client Automation to implement proper security measures to mitigate this risk and safeguard their systems. For detailed insights and remediation steps, refer to the official security notices provided by Broadcom.","Ca Technologies, Broadcom Company",Ca Client Automation,7.3,HIGH,0.0004199999966658652,false,,false,false,true,2019-12-21T09:23:51.000Z,true,false,false,,2019-12-20T21:08:06.000Z,0
CVE-2016-9795,https://securityvulnerability.io/vulnerability/CVE-2016-9795,,"The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.",Broadcom,"Ca Workload Automation Ae,Client Automation,Systemedge,Systems Performance For Infrastructure Managers,Universal Job Management Agent,Virtual Assurance For Infrastructure Managers",7.8,HIGH,0.0004199999966658652,false,,false,false,true,2020-12-29T21:07:09.000Z,true,false,false,,2017-01-27T22:01:00.000Z,0
CVE-2015-3316,https://securityvulnerability.io/vulnerability/CVE-2015-3316,,"CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.",Broadcom,"Network And Systems Management,Client Automation,Nsm Job Management Option,Universal Job Management Agent,Virtual Assurance For Infrastructure Managers,Workload Automation Ae",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-06-17T10:00:00.000Z,0