CVE-2016-9165
HIGHCA Unified Infrastructure Management <8.5 - Info Disclosure
Title source: llmDescription
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94257
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-606
Scores
CVSS v3
7.5
EPSS
0.0434
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
ca/unified_infrastructure_management
< 8.47
ca/unified_infrastructure_management_snap
< 8.47
Published
Mar 20, 2017
Tracked Since
Feb 18, 2026