CVE-2019-13657
CVE-2019-13657
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
CA Technologies, A Broadcom Company · CA Performance Managementpublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.htmlhttp://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.htmlhttp://seclists.org/fulldisclosure/2019/Oct/37https://seclists.org/bugtraq/2019/Oct/26https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html