← voltar
CVE-2024-38499

Improper Privilege Management Vulnerability in CA Client Automation 14.5

CVSS 7.3 HIGHEPSS 0.2%CWE-269CWE-276
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
Broadcom · CA Client Automation (ITCM)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2024/Dec/16https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284