Vulnerability Details CVE-2018-9022
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.312
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/104496
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
- http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/104496
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
Products affected by CVE-2018-9022
-
cpe:2.3:a:broadcom:privileged_access_manager:2.0.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.4.4.4
-
cpe:2.3:a:broadcom:privileged_access_manager:2.7.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.1
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.2