fkie_nvd - fkie_cve-2015-3317

fkie_cve-2015-3317

Vulnerability from fkie_nvd

Published

2015-06-17 10:59

Modified

2024-11-21 02:29

Severity ?

Summary

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/75033
cve@mitre.org	http://www.securitytracker.com/id/1032512
cve@mitre.org	http://www.securitytracker.com/id/1032513
af854a3a-2127-422b-91ae-364da2661108	http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75033
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032512
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032513

Impacted products

Vendor	Product	Version
ca	client_automation	r12.5
ca	client_automation	r12.8
ca	client_automation	r12.9
ca	network_and_systems_management	r11.2
ca	nsm_job_management_option	r11.0
ca	nsm_job_management_option	r11.1
ca	nsm_job_management_option	r11.2
ca	universal_job_management_agent	-
ca	virtual_assurance_for_infrastructure_managers	12.6
ca	virtual_assurance_for_infrastructure_managers	12.7
ca	virtual_assurance_for_infrastructure_managers	12.8
ca	virtual_assurance_for_infrastructure_managers	12.9
ca	workload_automation_ae	r11
ca	workload_automation_ae	r11.3
ca	workload_automation_ae	r11.3.5
ca	workload_automation_ae	r11.3.6
hp	hp-ux	*
ibm	aix	*
linux	linux_kernel	*
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:client_automation:r12.5:sp01:*:*:*:*:*:*",
              "matchCriteriaId": "5A4F9C4A-8E42-4AE9-B0BB-1BB2C6463F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:client_automation:r12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0B8F40-7562-4FF4-BEB7-37F8A9CB6618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:client_automation:r12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5FAE9D-2ECB-41A0-8044-BD4B6A049941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:network_and_systems_management:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2478964-609B-4CFF-9C7B-C41DC08FE1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:nsm_job_management_option:r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E932DCC-21A7-43CC-92AF-42FDF4F6EE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:nsm_job_management_option:r11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1C1949-9C3A-4904-BF98-9CC99DAA4256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:nsm_job_management_option:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "843C2083-4332-4D84-8C87-5C9CF90F3729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:universal_job_management_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89CBCC3A-5510-4ACC-A57C-42AFF4513997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B99FE844-7F80-4466-9948-0EC2178A368F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CC9F38-5BD0-449B-BB44-6B5505B0A0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "99DD6651-7B25-4FA6-B579-932FB77BF3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC386DBF-5C12-4710-B79F-D8FF7AA13115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:workload_automation_ae:r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A8B3B9-4DAC-43CE-AA4A-33F3AD3B8CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:workload_automation_ae:r11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807CB824-9D95-46D7-81D5-C5186D476BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:workload_automation_ae:r11.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD5392E-D9ED-46E7-AA9E-D80DF9D2392A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:workload_automation_ae:r11.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCC05931-BF69-464C-BF3D-2BE53F00C5D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "CA Common Services, utilizado en CA Client Automation r12.5 SP01, r12.8, y r12.9; CA Network and Systems Management r11.0, r11.1, y r11.2; CA NSM Job Management Option r11.0, r11.1, y r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (tambi\u00e9n conocido como SystemEDGE) 12.6, 12.7, 12.8, y 12.9; y CA Workload Automation AE r11, r11.3, r11.3.5, y r11.3.6 en UNIX, no realiza correctamente la comprobaci\u00f3n de l\u00edmites, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3317",
  "lastModified": "2024-11-21T02:29:08.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-17T10:59:02.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/75033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032513"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2015-3317

Vulnerability from cvelistv5

Published

2015-06-17 10:00

Modified

2024-08-06 05:47