CVE-2016-9165

HIGH

CA Unified Infrastructure Management <8.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.

Scores

CVSS v3 7.5
EPSS 0.0434
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
ca/unified_infrastructure_management < 8.47
ca/unified_infrastructure_management_snap < 8.47
Published Mar 20, 2017
Tracked Since Feb 18, 2026