CVE-2015-3318

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

17/06/2015

Last modified:

12/04/2025

Description

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

4.60

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:ca:client_automation:r12.5:sp01::::::
cpe:2.3:a:ca:client_automation:r12.8:::::::*
cpe:2.3:a:ca:client_automation:r12.9:::::::*
cpe:2.3:a:ca:network_and_systems_management:r11.2:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.0:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.1:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.2:::::::*
cpe:2.3:a:ca:universal_job_management_agent:-:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.0:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.3:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.3.5:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:ca:client_automation:r12.5:sp01::::::
cpe:2.3:a:ca:client_automation:r12.8:::::::*
cpe:2.3:a:ca:client_automation:r12.9:::::::*
cpe:2.3:a:ca:network_and_systems_management:r11.2:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.0:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.1:::::::*
cpe:2.3:a:ca:nsm_job_management_option:r11.2:::::::*
cpe:2.3:a:ca:universal_job_management_agent:-:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.6:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.7:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:::::::*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.0:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.3:::::::*
cpe:2.3:a:ca:workload_automation_ae:r11.3.5:::::::*

CVE-2015-3318

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools