CVE-2018-13825

{"id": "CVE-2018-13825", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-08-30T14:29:01.297", "references": [{"url": "http://www.securityfocus.com/bid/105297", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vuln@ca.com"}, {"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html", "tags": ["Patch", "Vendor Advisory"], "source": "vuln@ca.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks."}, {"lang": "es", "value": "La validaci\u00f3n insuficiente de entradas en la funcionalidad gridExcelExport en CA PPM 14.3 y anteriores, 14.4, 15.1, 15.2 CP5 y anteriores y 15.3 CP2 y anteriores permite que los atacantes remotos ejecuten ataques de Cross-Site Scripting (XSS) reflejado."}], "lastModified": "2021-04-12T13:43:28.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E2B0528-B1EB-421D-BB2D-88D6B32E798B", "versionEndIncluding": "14.3"}, {"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:14.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0ADEFB0-9DFF-4F7C-B23B-5BDEC0DF9CED"}, {"criteria": "cpe:2.3:a:broadcom:project_portfolio_management:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78CE337F-8A8B-47E4-8E23-1DF13CC1591E"}, {"criteria": "cpe:2.3:a:ca:project_portfolio_management:15.2:cp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E5E2436-DAA7-4C4D-89DB-F9D6BDC292DA"}, {"criteria": "cpe:2.3:a:ca:project_portfolio_management:15.3:cp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4705AC24-8C61-4B2C-85C0-98D17366CA23"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@ca.com"}