Information disclosure in CA Client Automation
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-8391 |
| CWE-ID | CWE-522 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Client Automation Web applications / Remote management & hosting panels |
| Vendor | CA |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU6503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-8391
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insecure storage of account credentials by the affected software. a local attacker can access a sensitive file containing account credentials and decrypt a password on the system.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Client Automation: 12 (.9) - 14.0 SP1
CPE2.3- cpe:2.3:a:ca:client_automation:12 (.9):*:*:*:*:*:*:*
- cpe:2.3:a:ca:client_automation:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:ca:client_automation:14.0 SP1:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
