- Home
- CVEs with nessus.description==According to its self-reported version number from the CA Unified Management Portal (UMP), the CA Unified Infrastructure Management (UIM) application running on the remote host is prior to 8.4 SP2. It is, therefore, affected by multiple information disclosure vulnerabilities :
- An information disclosure vulnerability exists in the download_lar.jsp servlet due to a flaw that allows traversing outside of a restricted path. An unauthenticated, remote attacker can exploit this vulnerability, via a specially crafted request, to read arbitrary files. (CVE-2016-5803)
- An information disclosure vulnerability exists in the diag.jsp servlet due to a flaw that allows traversing outside of a restricted path. An unauthenticated, remote attacker can exploit this vulnerability, via a specially crafted request, to read arbitrary files.
(CVE-2016-9164)
- An information disclosure vulnerability exists in the get_sessions servlet that allows an unauthenticated, remote attacker to disclose session IDs via a specially crafted request. The session ID can then be used to hijack a user's session. (CVE-2016-9165)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top