Description
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
References (5)
Core 5
Core References
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Oct/26
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitary-Command-Execution.html
Vendor Advisory x_refsource_confirm
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca-20191015-01-security-notice-for-ca-performance-management.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Oct/37
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (3)
broadcom/ca_performance_management
3.5.0
broadcom/ca_performance_management
3.6.0 - 3.6.9
broadcom/network_operations
< 19.1
Published
Oct 17, 2019
Tracked Since
Feb 18, 2026