CVE-2017-9393

CRITICAL

CA Identity Manager <14.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0168
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (8)
ca/identity_manager 12.6 ga (9 CPE variants)
ca/identity_manager 14.0
ca/identity_manager 14.1
ca/identity_manager_virtual_appliance 14.0
ca/identity_manager_virtual_appliance 14.1
CA Technologies/Identity Manager 12.6 through 12.6 SP8
CA Technologies/Identity Manager 14.0
CA Technologies/Identity Manager 14.1
Published Sep 22, 2017
Tracked Since Feb 18, 2026