Ca 脆弱性

タイムライン

タイプ

製品

CA BrightStor ARCserve Backup16
CA API Developer Portal13
CA Privileged Access Manager11
CA ARCserve Backup11
CA Unified Infrastructure Management10

修復

Official Fix145
Temporary Fix0
Workaround13
Unavailable2
Not Defined122

悪用可能性

High30
Functional0
Proof-of-Concept101
Unproven7
Not Defined144

アクセスベクター

Not Defined0
Physical0
Local36
Adjacent8
Network238

認証

Not Defined0
High0
Low43
None239

ユーザー操作

Not Defined0
Required37
None245

C3BM Index

CVSSv3 Base

≤10
≤20
≤31
≤411
≤518
≤666
≤739
≤863
≤924
≤1060

CVSSv3 Temp

≤10
≤20
≤31
≤412
≤535
≤659
≤764
≤833
≤954
≤1024

VulDB

≤10
≤20
≤31
≤415
≤523
≤676
≤730
≤871
≤96
≤1060

NVD

≤10
≤20
≤30
≤40
≤52
≤65
≤715
≤822
≤912
≤1021

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤71
≤81
≤90
≤104

ベンダー

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

0dayエクスプロイト

<1k0
<2k1
<5k8
<10k81
<25k110
<50k81
<100k1
≥100k0

本日のエクスプロイト

<1k199
<2k13
<5k25
<10k33
<25k12
<50k0
<100k0
≥100k0

闇ツールの市場規模

🔴 CTI アクティビティ

Affected Products (114): 2E Web Option (1), API Developer Portal (13), API Gateway (1), ARCserve Backup (11), ARCserve D2D (2), ARCserve Replication (1), Anti-Virus Enterprise (1), Anti-Virus for the Enterprise (3), ArcServe Backup (1), Arcot WebFort Versatile Authentication Server (2), Automic Dollar Universe (1), Automic Sysload (1), Automic Workload Automation (1), BrightStor (2), BrightStor ARCServe BackUp (7), BrightStor ARCServe Backup (2), BrightStor ARCserve Backup (18), BrightStor Hierarchical Storage Manager (3), Brightstor Arcserve Backup (4), Brightstor Enterprise Backup (3), Business Protection Suite (4), CA DMV (1), CCC Harvest (1), Cleverpath Portal (2), Client Automation (3), Cloud Service Management (4), Common Services (1), ControlIT (1), Desktop Management Suite (1), Directory (1), ERwin Data Model Validator (1), ERwin Process Modeler (2), ERwin Web Portal (1), Etrust Antivirus (2), Etrust Integrated Threat Management (2), Etrust Pestpatrol (1), Gateway Security (2), HIPS (1), Harvest Software Change Manager (1), High Availability (1), Host-Based Intrusion Prevention System (1), Identity Governance (2), Identity Manager (1), IdentityMinder (2), Identity Suite Virtual Appliance (1), InoculateIT (6), InoculateIT Agent for Exchange (1), Integrated Threat Management (1), Internet Security Suite (1), Internet Security Suite 2008 (1), Internet Security Suite 2010 (1), Internet Security Suite 2011 (1), Internet Security Suite Plus 2008 (1), Internet Security Suite Plus 2010 (1), Intrusion Prevention System (1), Investigation Tool (1), JCICSecurityTool (1), License (2), License Software (3), Management Agent (3), Messaging Queuing (1), Mlink (1), Network Flow Analysis (2), Output Management Web Viewer (1), PPM (5), Performance Management (1), Personal Firewall (1), Privileged Access Manager (11), Protection Suites (6), Release Automation (7), Risk Authentication (2), Secure Content Manager (1), Service Desk (2), Service Desk Manager (5), Service Metric Analysis (1), Single Sign-On (2), SiteMinder (8), Spectrum (3), Strong Authentication (2), Threat Manager (1), Threat Manager for the Enterprise (1), Total Defense (3), Unicenter (2), Unicenter Asset Management (4), Unicenter File Transfer Service (1), Unicenter Management Portal (1), Unicenter Network And Systems Management (5), Unicenter Remote Control (3), Unicenter Remote Control Host (2), Unicenter Software Delivery (1), Unicenter Tng (1), Unicenter Transport Service (1), Unicenter Web Services Distributed Management (1), Unified Infrastructure Management (10), Webscan Active X Control (1), Workload Automation AE (2), Workload Control Center (1), XCOM Data Transport (1), Xosoft Replication (3), eHealth (3), eHealth Performance Manager (6), eTrust Access Control (1), eTrust Antivirus (6), eTrust Antivirus EE (1), eTrust Antivirus WebScan (3), eTrust Audit Datatools (1), eTrust EZ Armor (2), eTrust Intrusion Detection (5), eTrust PestPatrol (2), eTrust Secure Content Manager (2), eTrust Security Command Center (2), eTrust SiteMinder (3), eTrust Threat Management Console (1), iGateway (1)

公開済みBaseTemp脆弱性Prod修復CTIEPSSCVE
2023年12月15日5.25.2TAIWAN-CA JCICSecurityTool クロスサイトスクリプティング未知Not DefinedNot Defined0.020.00166CVE-2023-48387
2022年02月05日7.17.1CA Harvest Software Change Manager CSV Export 特権昇格未知Not DefinedNot Defined0.000.00116CVE-2022-22689
2021年12月03日6.46.4CA Network Flow Analysis NFA Web Application SQLインジェクション未知Not DefinedNot Defined0.020.00065CVE-2021-44050
2021年03月26日7.47.2CA eHealth Performance Manager runpicEhealth 特権昇格未知Not DefinedWorkaround0.000.00048CVE-2021-28250
2021年03月26日7.17.0CA eHealth Performance Manager Shared Object 特権昇格未知Not DefinedWorkaround0.000.00048CVE-2021-28249
2021年03月26日5.35.2CA eHealth Performance Manager 情報の漏洩未知Not DefinedWorkaround0.000.00307CVE-2021-28248
2021年03月26日4.44.3CA eHealth Performance Manager nhWeb クロスサイトスクリプティング未知Not DefinedWorkaround0.000.00072CVE-2021-28247
2021年03月26日7.06.9CA eHealth Performance Manager Shared Object 特権昇格未知Not DefinedWorkaround0.000.00048CVE-2021-28246
2021年01月21日6.46.4CA ARCserve D2D XML External Entity未知Not DefinedNot Defined0.000.03289CVE-2020-27858
2020年11月23日6.56.3CA Unified Infrastructure Management Robot Controller 特権昇格未知Not DefinedOfficial Fix0.000.00042CVE-2020-28421
2020年04月15日7.57.5CA API Developer Portal Access Control 特権昇格Automation SoftwareNot DefinedNot Defined0.000.00331CVE-2020-11666
2020年04月15日6.66.6CA API Developer Portal loginRedirect PageAutomation SoftwareNot DefinedNot Defined0.000.00213CVE-2020-11665
2020年04月15日6.66.6CA API Developer Portal homeRedirect PageAutomation SoftwareNot DefinedNot Defined0.000.00213CVE-2020-11664
2020年04月15日6.66.6CA API Developer Portal 404 RedirectAutomation SoftwareNot DefinedNot Defined0.000.00213CVE-2020-11663
2020年04月15日6.46.4CA API Developer Portal 情報の漏洩Automation SoftwareNot DefinedNot Defined0.000.00714CVE-2020-11662
2020年04月15日7.27.2CA API Developer Portal Access Control 特権昇格Automation SoftwareNot DefinedNot Defined0.000.00157CVE-2020-11661
2020年04月15日5.45.4CA API Developer Portal 情報の漏洩Automation SoftwareNot DefinedNot Defined0.000.00104CVE-2020-11660
2020年04月15日5.35.3CA API Developer Portal Access Control 特権昇格Automation SoftwareNot DefinedNot Defined0.000.00063CVE-2020-11659
2020年04月15日8.58.5CA API Developer Portal 特権昇格Automation SoftwareNot DefinedNot Defined0.000.00373CVE-2020-11658
2020年02月18日8.58.5CA Unified Infrastructure Management Robot Controller メモリ破損未知Not DefinedNot Defined0.000.52678CVE-2020-8012
2020年02月18日6.46.4CA Unified Infrastructure Management Robot Controller サービス拒否未知Not DefinedNot Defined0.000.00216CVE-2020-8011
2020年02月18日8.58.5CA Unified Infrastructure Management ACL 特権昇格未知Not DefinedNot Defined0.000.07135CVE-2020-8010
2020年01月08日6.56.5CA Automic Dollar Universe uxdqmsrv 特権昇格未知Not DefinedWorkaround0.000.00042CVE-2019-19544
2020年01月08日8.58.5CA Automic Sysload File Server Port 弱い認証未知Not DefinedNot Defined0.000.00878CVE-2019-19518
2019年12月20日6.66.6CA Client Automation File Access Local Privilege EscalationAutomation SoftwareNot DefinedNot Defined0.000.00042CVE-2019-19231

257 非表示のエントリあり

Interested in the pricing of exploits?

See the underground prices here!