CVE-2016-9795

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-9795
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/archive/1/540062/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95819 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037730 Third Party Advisory VDB Entry
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:14.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.8.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
cpe:2.3:a:ca:universal_job_management_agent:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*
History

09 Nov 2021, 17:48

Type Values Removed Values Added
References (BUGTRAQ) http://www.securityfocus.com/archive/1/540062/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/540062/100/0/threaded - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1037730 - (SECTRACK) http://www.securitytracker.com/id/1037730 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:ca:workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.0:*:*:*:*:*:*:*		 cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*
Information

Published : 2017-01-27 22:59

Updated : 2024-02-04 19:11

NVD link : CVE-2016-9795

Mitre link : CVE-2016-9795

CVE.ORG link : CVE-2016-9795

JSON object : View

Products Affected

broadcom

  • systems_performance_for_infrastructure_managers
  • ca_workload_automation_ae
  • systemedge
  • client_automation

ca

  • virtual_assurance_for_infrastructure_managers
  • universal_job_management_agent

ibm

  • aix

linux

  • linux_kernel

oracle

  • solaris

hp

  • hp-ux
CWE
CWE-20

Improper Input Validation