CVE-2017-9393

CRITICAL

CA Identity Manager <14.2 - Info Disclosure

Title source: llm

Description

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Scores

CVSS v3 9.8
EPSS 0.0042
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-200
Status draft

Affected Products (13)

ca/identity_manager (11 entries)
ca/identity_manager_virtual_appliance (2 entries)

Timeline

Published Sep 22, 2017
Tracked Since Feb 18, 2026