← volver
CVE-2024-38499

Improper Privilege Management Vulnerability in CA Client Automation 14.5

CVSS 7.3 HIGHEPSS 0.2%CWE-269CWE-276
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
Broadcom · CA Client Automation (ITCM)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2024/Dec/16https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284