Search criteria
79 vulnerabilities
CVE-2025-69276 (GCVE-0-2025-69276)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:53 – Updated: 2026-01-12 14:56
VLAI?
Title
Spectrum insecure deserialiation
Summary
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.13 and earlier
(custom)
Unaffected: 25.4.1 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T14:56:44.565306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T14:56:58.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.13 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.4.1 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.13 and earlier.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:53:09.752Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum insecure deserialiation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69276",
"datePublished": "2026-01-12T04:53:09.752Z",
"dateReserved": "2025-12-31T03:22:49.491Z",
"dateUpdated": "2026-01-12T14:56:58.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69275 (GCVE-0-2025-69275)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:47 – Updated: 2026-01-12 14:57
VLAI?
Title
Spectrum outdated java library in class-path
Summary
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.
Severity ?
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.9 and earlier
(custom)
Unaffected: 24.3.10 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T14:57:14.979533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T14:57:23.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.9 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.10 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.9 and earlier.\u003c/p\u003e"
}
],
"value": "Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-588 DOM-Based XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:47:07.893Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum outdated java library in class-path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69275",
"datePublished": "2026-01-12T04:47:07.893Z",
"dateReserved": "2025-12-31T03:22:49.491Z",
"dateUpdated": "2026-01-12T14:57:23.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69274 (GCVE-0-2025-69274)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:42 – Updated: 2026-01-12 14:58
VLAI?
Title
Spectrum broken authorization scheme
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.10 and earlier
(custom)
Unaffected: 24.3.11 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T14:58:04.733973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T14:58:15.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.10 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.11 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.10 and earlier.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:42:39.547Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum broken authorization scheme",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69274",
"datePublished": "2026-01-12T04:42:39.547Z",
"dateReserved": "2025-12-31T03:22:49.491Z",
"dateUpdated": "2026-01-12T14:58:15.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69273 (GCVE-0-2025-69273)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:38 – Updated: 2026-01-12 15:16
VLAI?
Title
Spectrum broken authentication
Summary
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.10 and earlier
(custom)
Unaffected: 24.3.11 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:10:39.580056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:16:40.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.10 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.11 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.10 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:38:53.570Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum broken authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69273",
"datePublished": "2026-01-12T04:38:53.570Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:16:40.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69272 (GCVE-0-2025-69272)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:33 – Updated: 2026-01-12 15:19
VLAI?
Title
Spectrum password returned in clear
Summary
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
21.2.1 and earlier
(custom)
Unaffected: 21.2.2 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:19:14.389543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:19:26.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "21.2.1 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "21.2.2 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.\u003cp\u003eThis issue affects DX NetOps Spectrum: 21.2.1 and earlier.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:33:37.988Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum password returned in clear",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69272",
"datePublished": "2026-01-12T04:33:37.988Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:19:26.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69271 (GCVE-0-2025-69271)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:27 – Updated: 2026-01-12 15:20
VLAI?
Title
Spectrum basic authentication in use
Summary
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.13 and earlier
(custom)
Unaffected: 25.4.1 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:20:26.381494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:20:41.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.13 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.4.1 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.13 and earlier.\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:27:55.507Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum basic authentication in use",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69271",
"datePublished": "2026-01-12T04:27:55.507Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:20:41.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69270 (GCVE-0-2025-69270)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:20 – Updated: 2026-01-12 15:21
VLAI?
Title
Spectrum session token in URL
Summary
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Severity ?
CWE
- CWE-598 - Information Exposure Through Query Strings in GET Request
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.8 and earlier
(custom)
Unaffected: 24.3.9 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:21:01.996598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:21:09.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.8 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.9 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
}
],
"value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598 Information Exposure Through Query Strings in GET Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:35:06.225Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "EXTERNAL"
},
"title": "Spectrum session token in URL",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69270",
"datePublished": "2026-01-12T04:20:13.446Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:21:09.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69269 (GCVE-0-2025-69269)
Vulnerability from cvelistv5 – Published: 2026-01-12 04:10 – Updated: 2026-01-12 15:51
VLAI?
Title
Spectrum command injection in NCM service
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
23.3.6 and earlier
(custom)
Unaffected: 23.3.7 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:51:21.445557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:51:36.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "23.3.6 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.3.7 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.\u003cp\u003eThis issue affects DX NetOps Spectrum: 23.3.6 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T04:10:44.802Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "UNKNOWN"
},
"title": "Spectrum command injection in NCM service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69269",
"datePublished": "2026-01-12T04:10:44.802Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:51:36.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69268 (GCVE-0-2025-69268)
Vulnerability from cvelistv5 – Published: 2026-01-12 03:59 – Updated: 2026-01-12 15:52
VLAI?
Title
Spectrum reflected XSS
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.8 and earlier
(custom)
Unaffected: 24.3.9 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:52:32.107959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:52:46.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.8 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.9 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T03:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T03:59:17.522Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "EXTERNAL"
},
"title": "Spectrum reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69268",
"datePublished": "2026-01-12T03:59:17.522Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:52:46.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69267 (GCVE-0-2025-69267)
Vulnerability from cvelistv5 – Published: 2026-01-12 03:53 – Updated: 2026-01-12 15:53
VLAI?
Title
Spectrum directory path traversal
Summary
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | DX NetOps Spectrum |
Affected:
24.3.8 and earlier
(custom)
Unaffected: 24.3.9 and later (custom) |
Credits
Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:53:32.387669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T15:53:40.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "DX NetOps Spectrum",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "24.3.8 and earlier",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.9 and later",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
}
],
"datePublic": "2026-01-12T03:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T03:53:00.624Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
}
],
"source": {
"advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
"discovery": "EXTERNAL"
},
"title": "Spectrum directory path traversal",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-69267",
"datePublished": "2026-01-12T03:53:00.624Z",
"dateReserved": "2025-12-31T03:22:49.490Z",
"dateUpdated": "2026-01-12T15:53:40.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4971 (GCVE-0-2025-4971)
Vulnerability from cvelistv5 – Published: 2025-05-19 23:42 – Updated: 2025-05-20 14:08
VLAI?
Title
Broadcom Automic Automation Agent Unix privilege escalation
Summary
Broadcom Automic
Automation Agent Unix versions <
24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution
rights on the agent executable to escalate their privileges.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Broadcom | Automic Automation |
Affected:
< 24.3.0 HF4, and < 21.0.13 HF1
(custom)
Unaffected: 24.3.0 HF4 or later, and 21.0.13 HF1 or later (custom) |
Credits
Flora Schäfer, secuvera GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T14:08:16.881016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:08:34.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"UNIX"
],
"product": "Automic Automation",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "\u003c 24.3.0 HF4, and \u003c 21.0.13 HF1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.3.0 HF4 or later, and 21.0.13 HF1 or later",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Flora Sch\u00e4fer, secuvera GmbH"
}
],
"datePublic": "2025-05-19T23:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Broadcom Automic\nAutomation Agent Unix versions \u0026lt;\n24.3.0 HF4 and \u0026lt; 21.0.13 HF1 allow low privileged users who have execution\nrights on the agent executable to escalate their privileges. \n\n\n\n\u003cbr\u003e"
}
],
"value": "Broadcom Automic\nAutomation Agent Unix versions \u003c\n24.3.0 HF4 and \u003c 21.0.13 HF1 allow low privileged users who have execution\nrights on the agent executable to escalate their privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T23:42:23.173Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25732"
},
{
"url": "https://www.secuvera.de/advisories/secuvera-SA-2025-01.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Broadcom Automic Automation Agent Unix privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2025-4971",
"datePublished": "2025-05-19T23:42:23.173Z",
"dateReserved": "2025-05-19T22:33:20.205Z",
"dateUpdated": "2025-05-20T14:08:34.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33739 (GCVE-0-2022-33739)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:25 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
Severity ?
No CVSS data available.
CWE
- insecure XML parsing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Clarity |
Affected:
15.8 and below, 15.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Clarity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "15.8 and below, 15.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure XML parsing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:25:45",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Clarity",
"version": {
"version_data": [
{
"version_value": "15.8 and below, 15.9.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure XML parsing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33739",
"datePublished": "2022-06-16T21:25:45",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33756 (GCVE-0-2022-33756)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.
Severity ?
No CVSS data available.
CWE
- entropy weakness
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "entropy weakness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:23:58",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "entropy weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33756",
"datePublished": "2022-06-16T21:23:58",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33755 (GCVE-0-2022-33755)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.
Severity ?
No CVSS data available.
CWE
- insecure input handling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure input handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:23:47",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure input handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33755",
"datePublished": "2022-06-16T21:23:47",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33754 (GCVE-0-2022-33754)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- insufficient input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:23:34",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33754",
"datePublished": "2022-06-16T21:23:34",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33753 (GCVE-0-2022-33753)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
Severity ?
No CVSS data available.
CWE
- insecure file creation and handling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure file creation and handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:21:27",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure file creation and handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33753",
"datePublished": "2022-06-16T21:21:27",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33752 (GCVE-0-2022-33752)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- insufficient input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:21:17",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33752",
"datePublished": "2022-06-16T21:21:17",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33751 (GCVE-0-2022-33751)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
Severity ?
No CVSS data available.
CWE
- insecure memory handling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure memory handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:21:04",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure memory handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33751",
"datePublished": "2022-06-16T21:21:04",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33750 (GCVE-0-2022-33750)
Vulnerability from cvelistv5 – Published: 2022-06-16 21:20 – Updated: 2024-08-03 08:09
VLAI?
Summary
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
Severity ?
No CVSS data available.
CWE
- authentication error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Automic Automation |
Affected:
12.2, 12.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2, 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T21:20:55",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-33750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Automation",
"version": {
"version_data": [
{
"version_value": "12.2, 12.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-33750",
"datePublished": "2022-06-16T21:20:55",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23992 (GCVE-0-2022-23992)
Vulnerability from cvelistv5 – Published: 2022-02-14 21:04 – Updated: 2024-08-03 03:59
VLAI?
Summary
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
Severity ?
No CVSS data available.
CWE
- insufficient input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | XCOM Data Transport for Windows, Linux, and UNIX |
Affected:
11.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XCOM Data Transport for Windows, Linux, and UNIX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T21:04:34",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-23992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XCOM Data Transport for Windows, Linux, and UNIX",
"version": {
"version_data": [
{
"version_value": "11.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750",
"refsource": "MISC",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-23992",
"datePublished": "2022-02-14T21:04:34",
"dateReserved": "2022-01-26T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22689 (GCVE-0-2022-22689)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI?
Summary
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
Severity ?
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Harvest Software Change Manager |
Affected:
13.0.3, 13.0.4, 14.0.0, 14.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Harvest Software Change Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:27",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-22689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Harvest Software Change Manager",
"version": {
"version_data": [
{
"version_value": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-22689",
"datePublished": "2022-02-04T22:29:27",
"dateReserved": "2022-01-05T00:00:00",
"dateUpdated": "2024-08-03T03:21:48.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23083 (GCVE-0-2022-23083)
Vulnerability from cvelistv5 – Published: 2022-01-18 16:52 – Updated: 2024-08-03 03:28
VLAI?
Summary
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetMaster Network Management for TCP/IP and NetMaster File Transfer Management |
Affected:
12.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetMaster Network Management for TCP/IP and NetMaster File Transfer Management",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T16:52:35",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2022-23083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetMaster Network Management for TCP/IP and NetMaster File Transfer Management",
"version": {
"version_data": [
{
"version_value": "12.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049",
"refsource": "MISC",
"url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2022-23083",
"datePublished": "2022-01-18T16:52:35",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:43.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44050 (GCVE-0-2021-44050)
Vulnerability from cvelistv5 – Published: 2021-12-02 18:18 – Updated: 2024-08-04 04:10
VLAI?
Summary
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
Severity ?
No CVSS data available.
CWE
- SQL injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Network Flow Analysis (NFA) |
Affected:
9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
},
{
"name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Network Flow Analysis (NFA)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T18:06:06",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
},
{
"name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2021-44050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Network Flow Analysis (NFA)",
"version": {
"version_data": [
{
"version_value": "9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689",
"refsource": "MISC",
"url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
},
{
"name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2021-44050",
"datePublished": "2021-12-02T18:18:41",
"dateReserved": "2021-11-19T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29478 (GCVE-0-2020-29478)
Vulnerability from cvelistv5 – Published: 2021-01-05 17:24 – Updated: 2024-08-04 16:55
VLAI?
Summary
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
Severity ?
No CVSS data available.
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies, A Broadcom Company | CA Service Catalog |
Affected:
17.2
Affected: 17.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Service Catalog",
"vendor": "CA Technologies, A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "17.2"
},
{
"status": "affected",
"version": "17.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T17:24:46",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
],
"source": {
"advisory": "CA20201215-01",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-29478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Service Catalog",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2"
},
{
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3"
}
]
}
}
]
},
"vendor_name": "CA Technologies, A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-258 Empty Password in Configuration File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
"refsource": "CONFIRM",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
}
]
},
"source": {
"advisory": "CA20201215-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-29478",
"datePublished": "2021-01-05T17:24:46",
"dateReserved": "2020-12-02T00:00:00",
"dateUpdated": "2024-08-04T16:55:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28421 (GCVE-0-2020-28421)
Vulnerability from cvelistv5 – Published: 2020-11-23 15:43 – Updated: 2024-08-04 16:33
VLAI?
Summary
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
Severity ?
No CVSS data available.
CWE
- Local Privilege Elevation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA Unified Infrastructure Management |
Affected:
20.1, 9.2.0, 9.1.0, 9.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
},
{
"name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Unified Infrastructure Management",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.1, 9.2.0, 9.1.0, 9.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T20:06:22",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
},
{
"name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/41"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-28421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value": "20.1, 9.2.0, 9.1.0, 9.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565",
"refsource": "MISC",
"url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
},
{
"name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/41"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-28421",
"datePublished": "2020-11-23T15:43:25",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-08-04T16:33:59.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11660 (GCVE-0-2020-11660)
Vulnerability from cvelistv5 – Published: 2020-04-15 20:47 – Updated: 2024-08-04 11:35
VLAI?
Summary
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
Severity ?
No CVSS data available.
CWE
- Authorization Schema Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA API Developer Portal |
Affected:
4.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Schema Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T23:06:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-11660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Schema Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-11660",
"datePublished": "2020-04-15T20:47:13",
"dateReserved": "2020-04-09T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11659 (GCVE-0-2020-11659)
Vulnerability from cvelistv5 – Published: 2020-04-15 20:47 – Updated: 2024-08-04 11:35
VLAI?
Summary
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
Severity ?
No CVSS data available.
CWE
- Authorization Schema Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA API Developer Portal |
Affected:
4.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Schema Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T23:06:04",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-11659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Schema Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-11659",
"datePublished": "2020-04-15T20:47:05",
"dateReserved": "2020-04-09T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11658 (GCVE-0-2020-11658)
Vulnerability from cvelistv5 – Published: 2020-04-15 20:46 – Updated: 2024-08-04 11:35
VLAI?
Summary
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
Severity ?
No CVSS data available.
CWE
- Authorization Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA API Developer Portal |
Affected:
4.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T23:06:01",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-11658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-11658",
"datePublished": "2020-04-15T20:46:55",
"dateReserved": "2020-04-09T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11663 (GCVE-0-2020-11663)
Vulnerability from cvelistv5 – Published: 2020-04-15 19:08 – Updated: 2024-08-04 11:35
VLAI?
Summary
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA API Developer Portal |
Affected:
4.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T23:06:04",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-11663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-11663",
"datePublished": "2020-04-15T19:08:37",
"dateReserved": "2020-04-09T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11662 (GCVE-0-2020-11662)
Vulnerability from cvelistv5 – Published: 2020-04-15 19:08 – Updated: 2024-08-04 11:35
VLAI?
Summary
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
Severity ?
No CVSS data available.
CWE
- CORS OriginHeaderScrutiny
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CA API Developer Portal |
Affected:
4.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA API Developer Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CORS OriginHeaderScrutiny",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T23:06:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"ID": "CVE-2020-11662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA API Developer Portal",
"version": {
"version_data": [
{
"version_value": "4.3.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CORS OriginHeaderScrutiny"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
"refsource": "MISC",
"url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
},
{
"name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
},
{
"name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/24"
},
{
"name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2020-11662",
"datePublished": "2020-04-15T19:08:30",
"dateReserved": "2020-04-09T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}