Vulnerability Details CVE-2018-9023
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://www.securityfocus.com/bid/104496
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
- http://www.securityfocus.com/bid/104496
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
Products affected by CVE-2018-9023
-
cpe:2.3:a:broadcom:privileged_access_manager:2.0.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.4.4.4
-
cpe:2.3:a:broadcom:privileged_access_manager:2.7.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.1
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.2
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.3
-
cpe:2.3:a:broadcom:privileged_access_manager:2.8.4.1