Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    80 vulnerabilities

    CVE-2026-8370 (GCVE-0-2026-8370)

    Vulnerability from cvelistv5 – Published: 2026-05-19 18:42 – Updated: 2026-05-19 19:30
    VLAI
    Title
    Automic Automation Agent Unix privilege escalation
    Summary
    Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Automation: < 24.4.4 HF1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with unnecessary privileges
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom Automic Automation Affected: < 24.4.4 HF1 (custom)
    Unaffected: 24.4.4 HF1 or later
    Unaffected: 26.0.0
    Create a notification for this product.
    Date Public
    2026-05-19 17:00
    Credits
    David Suchy, Citadelo (citadelo.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T19:30:47.783803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T19:30:57.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Agent Unix",
              "platforms": [
                "Linux x64",
                "Linux Power 64 BE",
                "Linux Power 64 LE",
                "zLinux (zSeries)",
                "AIX",
                "Solaris x64",
                "Solaris Sparc 64"
              ],
              "product": "Automic Automation",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.4.4 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.4.4 HF1 or later"
                },
                {
                  "status": "unaffected",
                  "version": "26.0.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Suchy, Citadelo (citadelo.com)"
            }
          ],
          "datePublic": "2026-05-19T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automic Automation: \u0026lt; 24.4.4 HF1.\u003c/p\u003e"
                }
              ],
              "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: \u003c 24.4.4 HF1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            },
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with unnecessary privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T18:42:00.155Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Automic Automation Agent Unix privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2026-8370",
        "datePublished": "2026-05-19T18:42:00.155Z",
        "dateReserved": "2026-05-11T23:42:14.037Z",
        "dateUpdated": "2026-05-19T19:30:57.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69276 (GCVE-0-2025-69276)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:53 – Updated: 2026-01-12 14:56
    VLAI
    Title
    Spectrum insecure deserialiation
    Summary
    Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.13 and earlier (custom)
    Unaffected: 25.4.1 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:48
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T14:56:44.565306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T14:56:58.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.13 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "25.4.1 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.13 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:53:09.752Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum insecure deserialiation",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69276",
        "datePublished": "2026-01-12T04:53:09.752Z",
        "dateReserved": "2025-12-31T03:22:49.491Z",
        "dateUpdated": "2026-01-12T14:56:58.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69275 (GCVE-0-2025-69275)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:47 – Updated: 2026-01-12 14:57
    VLAI
    Title
    Spectrum outdated java library in class-path
    Summary
    Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.9 and earlier (custom)
    Unaffected: 24.3.10 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:43
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69275",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T14:57:14.979533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T14:57:23.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.9 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.10 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:43:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.9 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-588",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-588 DOM-Based XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:47:07.893Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum outdated java library in class-path",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69275",
        "datePublished": "2026-01-12T04:47:07.893Z",
        "dateReserved": "2025-12-31T03:22:49.491Z",
        "dateUpdated": "2026-01-12T14:57:23.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69274 (GCVE-0-2025-69274)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:42 – Updated: 2026-01-12 14:58
    VLAI
    Title
    Spectrum broken authorization scheme
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.10 and earlier (custom)
    Unaffected: 24.3.11 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:39
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T14:58:04.733973Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T14:58:15.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.10 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.11 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.10 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:42:39.547Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum broken authorization scheme",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69274",
        "datePublished": "2026-01-12T04:42:39.547Z",
        "dateReserved": "2025-12-31T03:22:49.491Z",
        "dateUpdated": "2026-01-12T14:58:15.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69273 (GCVE-0-2025-69273)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:38 – Updated: 2026-01-12 15:16
    VLAI
    Title
    Spectrum broken authentication
    Summary
    Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.10 and earlier (custom)
    Unaffected: 24.3.11 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:35
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:10:39.580056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:16:40.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.10 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.11 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.10_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.11_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.10 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:38:53.570Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum broken authentication",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69273",
        "datePublished": "2026-01-12T04:38:53.570Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:16:40.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69272 (GCVE-0-2025-69272)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:33 – Updated: 2026-01-12 15:19
    VLAI
    Title
    Spectrum password returned in clear
    Summary
    Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 21.2.1 and earlier (custom)
    Unaffected: 21.2.2 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:30
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:19:14.389543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:19:26.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.1 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "21.2.2 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.1_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:21.2.2_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.\u003cp\u003eThis issue affects DX NetOps Spectrum: 21.2.1 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:33:37.988Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum password returned in clear",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69272",
        "datePublished": "2026-01-12T04:33:37.988Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:19:26.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69271 (GCVE-0-2025-69271)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:27 – Updated: 2026-01-12 15:20
    VLAI
    Title
    Spectrum basic authentication in use
    Summary
    Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.13 and earlier (custom)
    Unaffected: 25.4.1 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:21
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:20:26.381494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:20:41.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.13 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "25.4.1 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.13_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:25.4.1_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.13 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:27:55.507Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum basic authentication in use",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69271",
        "datePublished": "2026-01-12T04:27:55.507Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:20:41.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69270 (GCVE-0-2025-69270)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:20 – Updated: 2026-01-12 15:21
    VLAI
    Title
    Spectrum session token in URL
    Summary
    Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-598 - Information Exposure Through Query Strings in GET Request
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.8 and earlier (custom)
    Unaffected: 24.3.9 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:15
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:21:01.996598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:21:09.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.8 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.9 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-593",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-593 Session Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Information Exposure Through Query Strings in GET Request",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:35:06.225Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "EXTERNAL"
          },
          "title": "Spectrum session token in URL",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69270",
        "datePublished": "2026-01-12T04:20:13.446Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:21:09.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69269 (GCVE-0-2025-69269)

    Vulnerability from cvelistv5 – Published: 2026-01-12 04:10 – Updated: 2026-01-12 15:51
    VLAI
    Title
    Spectrum command injection in NCM service
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 23.3.6 and earlier (custom)
    Unaffected: 23.3.7 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 04:00
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:51:21.445557Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:51:36.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.3.6 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "23.3.7 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.6_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:23.3.7_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T04:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.\u003cp\u003eThis issue affects DX NetOps Spectrum: 23.3.6 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T04:10:44.802Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "UNKNOWN"
          },
          "title": "Spectrum command injection in NCM service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69269",
        "datePublished": "2026-01-12T04:10:44.802Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:51:36.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69268 (GCVE-0-2025-69268)

    Vulnerability from cvelistv5 – Published: 2026-01-12 03:59 – Updated: 2026-01-12 15:52
    VLAI
    Title
    Spectrum reflected XSS
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.8 and earlier (custom)
    Unaffected: 24.3.9 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 03:54
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:52:32.107959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:52:46.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.8 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.9 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T03:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T03:59:17.522Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "EXTERNAL"
          },
          "title": "Spectrum reflected XSS",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69268",
        "datePublished": "2026-01-12T03:59:17.522Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:52:46.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69267 (GCVE-0-2025-69267)

    Vulnerability from cvelistv5 – Published: 2026-01-12 03:53 – Updated: 2026-01-12 15:53
    VLAI
    Title
    Spectrum directory path traversal
    Summary
    Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    Broadcom DX NetOps Spectrum Affected: 24.3.8 and earlier (custom)
    Unaffected: 24.3.9 and later (custom)
    Create a notification for this product.
    Date Public
    2026-01-12 03:34
    Credits
    Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T15:53:32.387669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T15:53:40.392Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "DX NetOps Spectrum",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.3.8 and earlier",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.9 and later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.8_and_earlier:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:broadcom:dx_netops_spectrum:24.3.9_and_later:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jean-Michel Huguet and Jorge Escabias from NATO Cyber Security Centre"
            }
          ],
          "datePublic": "2026-01-12T03:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.\u003cp\u003eThis issue affects DX NetOps Spectrum: 24.3.8 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T03:53:00.624Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36756"
            }
          ],
          "source": {
            "advisory": "CA20260112-01: Security Notice for DX NetOps Spectrum",
            "discovery": "EXTERNAL"
          },
          "title": "Spectrum directory path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-69267",
        "datePublished": "2026-01-12T03:53:00.624Z",
        "dateReserved": "2025-12-31T03:22:49.490Z",
        "dateUpdated": "2026-01-12T15:53:40.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4971 (GCVE-0-2025-4971)

    Vulnerability from cvelistv5 – Published: 2025-05-19 23:42 – Updated: 2025-05-20 14:08
    VLAI
    Title
    Broadcom Automic Automation Agent Unix privilege escalation
    Summary
    Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ca
    Impacted products
    Vendor Product Version
    Broadcom Automic Automation Affected: < 24.3.0 HF4, and < 21.0.13 HF1 (custom)
    Unaffected: 24.3.0 HF4 or later, and 21.0.13 HF1 or later (custom)
    Create a notification for this product.
    Date Public
    2025-05-19 23:22
    Credits
    Flora Schäfer, secuvera GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T14:08:16.881016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:08:34.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "UNIX"
              ],
              "product": "Automic Automation",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.3.0 HF4, and \u003c 21.0.13 HF1",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "24.3.0 HF4 or later, and 21.0.13 HF1 or later",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Flora Sch\u00e4fer, secuvera GmbH"
            }
          ],
          "datePublic": "2025-05-19T23:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Broadcom Automic\nAutomation Agent Unix versions \u0026lt;\n24.3.0 HF4 and \u0026lt; 21.0.13 HF1 allow low privileged users who have execution\nrights on the agent executable to escalate their privileges. \n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Broadcom Automic\nAutomation Agent Unix versions \u003c\n24.3.0 HF4 and \u003c 21.0.13 HF1 allow low privileged users who have execution\nrights on the agent executable to escalate their privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-19T23:42:23.173Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25732"
            },
            {
              "url": "https://www.secuvera.de/advisories/secuvera-SA-2025-01.txt"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broadcom Automic Automation Agent Unix privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2025-4971",
        "datePublished": "2025-05-19T23:42:23.173Z",
        "dateReserved": "2025-05-19T22:33:20.205Z",
        "dateUpdated": "2025-05-20T14:08:34.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33739 (GCVE-0-2022-33739)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:25 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
    Severity
    No CVSS data available.
    CWE
    • insecure XML parsing
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Clarity Affected: 15.8 and below, 15.9.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Clarity",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.8 and below, 15.9.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insecure XML parsing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:25:45.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33739",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Clarity",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "15.8 and below, 15.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insecure XML parsing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33739",
        "datePublished": "2022-06-16T21:25:45.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33756 (GCVE-0-2022-33756)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.
    Severity
    No CVSS data available.
    CWE
    • entropy weakness
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "entropy weakness",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:23:58.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "entropy weakness"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33756",
        "datePublished": "2022-06-16T21:23:58.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33755 (GCVE-0-2022-33755)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.
    Severity
    No CVSS data available.
    CWE
    • insecure input handling
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insecure input handling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:23:47.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insecure input handling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33755",
        "datePublished": "2022-06-16T21:23:47.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33754 (GCVE-0-2022-33754)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:23 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • insufficient input validation
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insufficient input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:23:34.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insufficient input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33754",
        "datePublished": "2022-06-16T21:23:34.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33753 (GCVE-0-2022-33753)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
    Severity
    No CVSS data available.
    CWE
    • insecure file creation and handling
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insecure file creation and handling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:21:27.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33753",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insecure file creation and handling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33753",
        "datePublished": "2022-06-16T21:21:27.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33752 (GCVE-0-2022-33752)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • insufficient input validation
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insufficient input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:21:17.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insufficient input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33752",
        "datePublished": "2022-06-16T21:21:17.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33751 (GCVE-0-2022-33751)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:21 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
    Severity
    No CVSS data available.
    CWE
    • insecure memory handling
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insecure memory handling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:21:04.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insecure memory handling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33751",
        "datePublished": "2022-06-16T21:21:04.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33750 (GCVE-0-2022-33750)

    Vulnerability from cvelistv5 – Published: 2022-06-16 21:20 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • authentication error
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Automic Automation Affected: 12.2, 12.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Automic Automation",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-16T21:20:55.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-33750",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Automic Automation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2, 12.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-33750",
        "datePublished": "2022-06-16T21:20:55.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23992 (GCVE-0-2022-23992)

    Vulnerability from cvelistv5 – Published: 2022-02-14 21:04 – Updated: 2024-08-03 03:59
    VLAI
    Summary
    XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • insufficient input validation
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a XCOM Data Transport for Windows, Linux, and UNIX Affected: 11.6
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:59:23.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XCOM Data Transport for Windows, Linux, and UNIX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insufficient input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T21:04:34.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-23992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XCOM Data Transport for Windows, Linux, and UNIX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insufficient input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/XCOM-Data-Transport---Windows-and-XCOM-Data-Transport--Linux--UNIX-Vulnerability-CVE-2022-23992/18750"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-23992",
        "datePublished": "2022-02-14T21:04:34.000Z",
        "dateReserved": "2022-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:59:23.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22689 (GCVE-0-2022-22689)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
    VLAI
    Summary
    CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
    Severity
    No CVSS data available.
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Harvest Software Change Manager Affected: 13.0.3, 13.0.4, 14.0.0, 14.0.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:48.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Harvest Software Change Manager",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:29:27.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-22689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Harvest Software Change Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.3, 13.0.4, 14.0.0, 14.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20220203-01-Security-Notice-for-CA-Harvest-Software-Change-Manager/ESDSA20297"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-22689",
        "datePublished": "2022-02-04T22:29:27.000Z",
        "dateReserved": "2022-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:21:48.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23083 (GCVE-0-2022-23083)

    Vulnerability from cvelistv5 – Published: 2022-01-18 16:52 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ca
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetMaster Network Management for TCP/IP and NetMaster File Transfer Management",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-18T16:52:35.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2022-23083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetMaster Network Management for TCP/IP and NetMaster File Transfer Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/external/content/security-advisories/NetMaster-12.2-ReportCenter-Vulnerability-CVE-2022-23083/20049"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2022-23083",
        "datePublished": "2022-01-18T16:52:35.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:43.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44050 (GCVE-0-2021-44050)

    Vulnerability from cvelistv5 – Published: 2021-12-02 18:18 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
    Severity
    No CVSS data available.
    CWE
    • SQL injection
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Network Flow Analysis (NFA) Affected: 9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
              },
              {
                "name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Dec/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Network Flow Analysis (NFA)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T18:06:06.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
            },
            {
              "name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Dec/0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2021-44050",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Network Flow Analysis (NFA)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 21.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/external/content/security-advisories/CA20211201-01-Security-Notice-for-CA-Network-Flow-Analysis/19689"
                },
                {
                  "name": "20211203 CA20211201-01: Security Notice for CA Network Flow Analysis",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Dec/0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2021-44050",
        "datePublished": "2021-12-02T18:18:41.000Z",
        "dateReserved": "2021-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29478 (GCVE-0-2020-29478)

    Vulnerability from cvelistv5 – Published: 2021-01-05 17:24 – Updated: 2024-08-04 16:55
    VLAI
    Summary
    CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-258 - Empty Password in Configuration File
    Assigner
    ca
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Service Catalog",
              "vendor": "CA Technologies, A Broadcom Company",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.2"
                },
                {
                  "status": "affected",
                  "version": "17.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-258",
                  "description": "CWE-258 Empty Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-05T17:24:46.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
            }
          ],
          "source": {
            "advisory": "CA20201215-01",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-29478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Service Catalog",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "17.2",
                                "version_value": "17.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "17.3",
                                "version_value": "17.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CA Technologies, A Broadcom Company"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-258 Empty Password in Configuration File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810",
                  "refsource": "CONFIRM",
                  "url": "https://support.broadcom.com/security-advisory/content/security-advisories/CA20201215-01-Security-Notice-for-CA-Service-Catalog/ESDSA16810"
                }
              ]
            },
            "source": {
              "advisory": "CA20201215-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-29478",
        "datePublished": "2021-01-05T17:24:46.000Z",
        "dateReserved": "2020-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:55:09.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28421 (GCVE-0-2020-28421)

    Vulnerability from cvelistv5 – Published: 2020-11-23 15:43 – Updated: 2024-08-04 16:33
    VLAI
    Summary
    CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
    Severity
    No CVSS data available.
    CWE
    • Local Privilege Elevation
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA Unified Infrastructure Management Affected: 20.1, 9.2.0, 9.1.0, 9.0.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:59.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
              },
              {
                "name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Nov/41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA Unified Infrastructure Management",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "20.1, 9.2.0, 9.1.0, 9.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local Privilege Elevation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-23T20:06:22.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
            },
            {
              "name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Nov/41"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-28421",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA Unified Infrastructure Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "20.1, 9.2.0, 9.1.0, 9.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Local Privilege Elevation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565",
                  "refsource": "MISC",
                  "url": "https://support.broadcom.com/external/content/security-advisories/CA20201116-01-Security-Notice-for-CA-Unified-Infrastructure-Management/16565"
                },
                {
                  "name": "20201123 CA20201116-01: Security Notice for CA Unified Infrastructure Management",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Nov/41"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-28421",
        "datePublished": "2020-11-23T15:43:25.000Z",
        "dateReserved": "2020-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:59.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11660 (GCVE-0-2020-11660)

    Vulnerability from cvelistv5 – Published: 2020-04-15 20:47 – Updated: 2024-08-04 11:35
    VLAI
    Summary
    CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Authorization Schema Bypass
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA API Developer Portal Affected: 4.3.1 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
              },
              {
                "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA API Developer Portal",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Schema Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-17T23:06:02.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
            },
            {
              "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-11660",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA API Developer Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Schema Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
                },
                {
                  "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-11660",
        "datePublished": "2020-04-15T20:47:13.000Z",
        "dateReserved": "2020-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:35:13.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11659 (GCVE-0-2020-11659)

    Vulnerability from cvelistv5 – Published: 2020-04-15 20:47 – Updated: 2024-08-04 11:35
    VLAI
    Summary
    CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
    Severity
    No CVSS data available.
    CWE
    • Authorization Schema Bypass
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA API Developer Portal Affected: 4.3.1 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
              },
              {
                "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA API Developer Portal",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Schema Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-17T23:06:04.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
            },
            {
              "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-11659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA API Developer Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Schema Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
                },
                {
                  "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-11659",
        "datePublished": "2020-04-15T20:47:05.000Z",
        "dateReserved": "2020-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:35:13.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11658 (GCVE-0-2020-11658)

    Vulnerability from cvelistv5 – Published: 2020-04-15 20:46 – Updated: 2024-08-04 11:35
    VLAI
    Summary
    CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    ca
    References
    Impacted products
    Vendor Product Version
    n/a CA API Developer Portal Affected: 4.3.1 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
              },
              {
                "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA API Developer Portal",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-17T23:06:01.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
            },
            {
              "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-11658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA API Developer Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
                },
                {
                  "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-11658",
        "datePublished": "2020-04-15T20:46:55.000Z",
        "dateReserved": "2020-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:35:13.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11663 (GCVE-0-2020-11663)

    Vulnerability from cvelistv5 – Published: 2020-04-15 19:08 – Updated: 2024-08-04 11:35
    VLAI
    Summary
    CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    ca
    Impacted products
    Vendor Product Version
    n/a CA API Developer Portal Affected: 4.3.1 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
              },
              {
                "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CA API Developer Portal",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-17T23:06:04.000Z",
            "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
            "shortName": "ca"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
            },
            {
              "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@ca.com",
              "ID": "CVE-2020-11663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CA API Developer Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
                  "refsource": "MISC",
                  "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
                },
                {
                  "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157276/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
        "assignerShortName": "ca",
        "cveId": "CVE-2020-11663",
        "datePublished": "2020-04-15T19:08:37.000Z",
        "dateReserved": "2020-04-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:35:13.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }