CVE-2016-5803

Published: 13/02/2017 | Updated: 21/03/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in CA Unified Infrastructure Management Version 8.47 and previous versions. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Vulnerable Product

ca technologies unified infrastructure management

Recent Articles

If you can chdir you can hack CA's Unified Infrastructure Manager
The Register • Richard Chirgwin • 16 Nov 2016

You know the drill: pause and patch to prevent p0wnage

IT shops running CA Technologies' Unified Infrastructure Management (UIM) – formerly CA Nimsoft – need to run patches for three vulnerabilities, one remotely exploitable. CA bought Nimsoft in 2010 to get its hands on the “single pane of glass” monitoring system, covering servers, networks, storage, and databases. The most serious bug turned up by Trend Micro's Zero Day Initiative and “rgod” is a directory traversal bug (CVE-2016-5803) in the download_lar servlet. ZDI's note is here. ...