CVE-2018-9021

CRITICAL

Broadcom Privileged Access Manager - Improper Privilege Management

Title source: rule

Description

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

Exploits (1)

exploitdb WORKING POC
python webapps windows
https://www.exploit-db.com/exploits/47748

Scores

CVSS v3 9.8
EPSS 0.1036
EPSS Percentile 93.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
broadcom/privileged_access_manager < 2.8.2
Published Jun 18, 2018
Tracked Since Feb 18, 2026