CVE-2016-9165
Summary
| CVE | CVE-2016-9165 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-20 16:59:00 UTC |
| Updated | 2017-03-23 19:46:00 UTC |
| Description | The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | CA | Unified Infrastructure Management | All | All | All | All |
| Application | CA | Unified Infrastructure Management Snap | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CA Unified Infrastructure Management Directory Traversal And Security Bypass Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| ZDI-16-606 \| Zero Day Initiative | MISC | www.zerodayinitiative.com | Third Party Advisory, VDB Entry |
| CA20161109-01: Security Notice for CA Unified Infrastructure Management | CONFIRM | www.ca.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.