CVE-2016-9164

HIGH

CA Unified Infrastructure Management <8.4 SP1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.

References (5)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html

[Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2016/Nov/55

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94257

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-16-607

[Vendor Advisory] https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html

Scores

CVSS v3 7.5

EPSS 0.0362

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status draft

Affected Products (1)

ca/unified_infrastructure_management < 8.4

Timeline

Published Mar 07, 2017

Tracked Since Feb 18, 2026