Published: 07/03/2017 Updated: 09/03/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and previous versions and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote malicious users to read arbitrary files via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ca unified infrastructure management

If you can chdir you can hack CA's Unified Infrastructure Manager

The Register • Richard Chirgwin • 16 Nov 2016

You know the drill: pause and patch to prevent p0wnage

IT shops running CA Technologies' Unified Infrastructure Management (UMI) – formerly CA Nimsoft – need to run patches for three vulnerabilities, one remotely exploitable. CA bought Nimsoft in 2010 to get its hands on the “single pane of glass” monitoring system, covering servers, networks, storage, and databases. The most serious bug turned up by Trend Micro's Zero Day Initiative and “rgod” is a directory traversal bug (CVE-2016-5803) in the download_lar servlet. ZDI's note is here. ...

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9164

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect