CVE-2018-13821

CRITICAL

CA Unified Infrastructure Management - Authentication Bypass

Title source: rule

Description

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105199

[Mitigation, Patch, Vendor Advisory] https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html

Scores

CVSS v3 9.8

EPSS 0.0502

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status published

Affected Products (3)

ca/unified_infrastructure_management

Timeline

Published Aug 30, 2018

Tracked Since Feb 18, 2026