CVE-2018-13822
HIGHBroadcom Project Portfolio Management < 14.3 - Insufficiently Protected Credentials
Title source: ruleDescription
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105297
Patch, Vendor Advisory x_refsource_confirm
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (5)
broadcom/project_portfolio_management
14.4
broadcom/project_portfolio_management
15.1
broadcom/project_portfolio_management
15.2 cumulative_patch_5
broadcom/project_portfolio_management
15.3 cumulative_patch_2
broadcom/project_portfolio_management
< 14.3
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026