ca vulnerabilities and exploits
9.1
CVSSv3
CVE-2022-32151
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions prior to 9.0 and Splunk Cloud Platform versions prior to 8.2.2203. Pyt...
Splunk Splunk
Splunk Splunk Cloud Platform
9.1
CVSSv3
CVE-2019-7392
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote malicious user to gain sensitive information or alter configuration.
Broadcom Privileged Access Manager
9.1
CVSSv3
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote malicious users to conduct server side request forgery attacks.
Broadcom Project Portfolio Management 15.1
Ca Project Portfolio Management 15.2
Ca Project Portfolio Management 15.3
Broadcom Project Portfolio Management
Broadcom Project Portfolio Management 14.4
9.1
CVSSv3
CVE-2015-6853
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote malicious users to cause a denial of service (daemon crash) or obtain sensitiv...
Broadcom Single Sign-on R12.0j
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R12.52
Broadcom Single Sign-on R12.51
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R6.0
9.1
CVSSv3
CVE-2015-6854
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote malicious users to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R6.0
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R12.0j
1 GitHub repository
8.8
CVSSv3
CVE-2023-48387
TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage ...
Twca Jcicsecuritytool 4.2.3.32
8.8
CVSSv3
CVE-2023-45641
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.
Ca-ret Country Access Limit
8.8
CVSSv3
CVE-2022-30306
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated malicious user to achieve arbitrary code execution via a specifically crafted password.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
8.8
CVSSv3
CVE-2022-33753
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
Broadcom Ca Automic Automation 12.3
Broadcom Ca Automic Automation 12.2
8.8
CVSSv3
CVE-2021-41020
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged malicious user to regenerate the CA certificate via the regeneration URL.
Fortinet Fortiisolator