CVE-2016-9164
HIGHCA Unified Infrastructure Management <8.4 SP1 - Path Traversal
Title source: llmDescription
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94257
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Nov/55
Vendor Advisory x_refsource_confirm
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-607
Scores
CVSS v3
7.5
EPSS
0.0539
EPSS Percentile
91.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
ca/unified_infrastructure_management
< 8.4
Published
Mar 07, 2017
Tracked Since
Feb 18, 2026