CVE-2016-9165

Published: 20/03/2017 Updated: 23/03/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) prior to 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote malicious users to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.

Vulnerable Product

ca unified infrastructure management snap

ca unified infrastructure management

Recent Articles

If you can chdir you can hack CA's Unified Infrastructure Manager
The Register • Richard Chirgwin • 16 Nov 2016

You know the drill: pause and patch to prevent p0wnage

IT shops running CA Technologies' Unified Infrastructure Management (UMI) – formerly CA Nimsoft – need to run patches for three vulnerabilities, one remotely exploitable. CA bought Nimsoft in 2010 to get its hands on the “single pane of glass” monitoring system, covering servers, networks, storage, and databases. The most serious bug turned up by Trend Micro's Zero Day Initiative and “rgod” is a directory traversal bug (CVE-2016-5803) in the download_lar servlet. ZDI's note is here. ...