Unified Infrastructure Management
CVE-2018-13821
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
AnalysisAI
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. Affected products include: Ca Unified Infrastructure Management.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vu
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. Rated high severity (CVSS 8.6)
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor)
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensit
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensit
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today