Multiple vulnerabilities in CA Privileged Access Manager



Published: 2018-06-15
Risk: High
Patch available: Yes
Number of vulnerabilities: 15
CVE-ID: CVE-2018-9021, CVE-2018-9022, CVE-2018-9023, CVE-2018-9024, CVE-2018-9025, CVE-2018-9026, CVE-2018-9027, CVE-2015-4664, CVE-2015-4665, CVE-2015-4666, CVE-2015-4667, CVE-2015-4669, CVE-2015-4668, CVE-2018-9028, CVE-2018-9029
CWE-ID: CWE-77, CWE-264, CWE-451, CWE-384, CWE-79, CWE-22, CWE-798, CWE-522, CWE-601, CWE-200, CWE-89
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #8, #9, #10, #11, #12 and #13.
Vulnerable software
Privileged Access Manager
Web applications / Remote management & hosting panels

Vendor CA Technologies

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Command injection

EUVDB-ID: #VU13344

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9021

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists in the ajax_cmd.php file due to insufficient validation of user-supplied input. A remote attacker can inject and execute arbitrary commands with elevated privileges.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Remote code execution

EUVDB-ID: #VU13345

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9022

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a configuration file poisoning issue. A remote attacker can execute arbitrary code with elevated privileges.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU13346

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9023

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the update_crld script. A remote attacker can gain root privileges and perform arbitrary actions.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Spoofing attack

EUVDB-ID: #VU13347

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9024

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to an error in the update_crld script. A remote attacker can conduct a spoofing attack and masquerade as another machine.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Privilege escalation

EUVDB-ID: #VU13348

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9025

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient input validation on the login page. A remote attacker can supply specially crafted input, bypass security restrictions, gain root privileges and poison a log file.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Session fixation attack

EUVDB-ID: #VU13349

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9026

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct session fixation attacks on the target system.

The weakness exists due to insecure handling of user sessions in multiple scripts. A remote attacker can conduct session fixation attacks.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Reflected cross-site scripting

EUVDB-ID: #VU13350

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9027

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in multiple scripts. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Command injection

EUVDB-ID: #VU13351

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4664

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to insufficient input validation in the login.php script. A remote attacker can inject and execute arbitrary commands with elevated privileges.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

9) Reflected cross-site scripting

EUVDB-ID: #VU13352

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4665

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the ajax_cmd.php script. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

10) Path traversal

EUVDB-ID: #VU13353

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4666

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a path traversal flaw in the read_sessionlog.php script. A remote attacker can conduct directory traversal attacks and download sensitive information.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

11) Use of hard-coded credentials

EUVDB-ID: #VU13354

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4667

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to the use of hard-coded credentials in multiple scripts. A remote attacker can gain elevated privileges and conduct a variety of attacks.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

12) Insecure database credentials

EUVDB-ID: #VU13355

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4669

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to insecure database credentials. A local attacker can gain elevated privileges and conduct a variety of attacks.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

13) Open redirect

EUVDB-ID: #VU13356

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-4668

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists due to an open redirect in the openwin.php script. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to a malicious website.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

14) Information disclosure

EUVDB-ID: #VU13357

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9028

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the use of unsalted passwords. A remote attacker can easily crack the passwords.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) SQL-injection

EUVDB-ID: #VU13358

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9029

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The vulnerability exists due to insufficient validation of user-supplied input in multiple scripts. A remote attacker can send a specially crafted HTTP request to a vulnerable script and execute arbitrary SQL commands in the web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to the vulnerable web application.

Mitigation

Update to version 3.0.0 or later.

Vulnerable software versions

Privileged Access Manager: before 3.0.0

External links

http://seclists.org/bugtraq/2018/Jun/46


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
