CVE-2016-9165
HIGHCA Unified Infrastructure Management <8.5 - Info Disclosure
Title source: llmDescription
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
References (3)
Scores
CVSS v3
7.5
EPSS
0.0124
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (2)
ca/unified_infrastructure_management
< 8.47
ca/unified_infrastructure_management_snap
< 8.47
Timeline
Published
Mar 20, 2017
Tracked Since
Feb 18, 2026