{"api_version":"1","generated_at":"2026-04-23T04:09:45+00:00","cve":"CVE-2016-9164","urls":{"html":"https://cve.report/CVE-2016-9164","api":"https://cve.report/api/cve/CVE-2016-9164.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9164","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9164"},"summary":{"title":"CVE-2016-9164","description":"Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-03-07 15:59:00","updated_at":"2017-03-09 18:32:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/94257","name":"94257","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"CA Unified Infrastructure Management Directory Traversal And Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html","name":"http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"CA Unified Infrastructure Management Bypass / Traversal / Disclosure ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-607","name":"http://www.zerodayinitiative.com/advisories/ZDI-16-607","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2016/Nov/55","name":"20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management","refsource":"FULLDISC","tags":["Third Party Advisory","VDB Entry"],"title":"Full Disclosure: CA20161109-01: Security Notice for CA Unified Infrastructure Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","name":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"CA20161109-01:  Security Notice for CA Unified Infrastructure Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9164","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9164","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9164","vulnerable":"1","versionEndIncluding":"8.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"unified_infrastructure_management","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-9164","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"94257","refsource":"BID","url":"http://www.securityfocus.com/bid/94257"},{"name":"http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html"},{"name":"20161110 CA11/09/2016-01: Security Notice for CA Unified Infrastructure Management","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2016/Nov/55"},{"name":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","refsource":"CONFIRM","url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-16-607","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-16-607"}]}},"nvd":{"publishedDate":"2017-03-07 15:59:00","lastModifiedDate":"2017-03-09 18:32:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ca:unified_infrastructure_management:*:sp1:*:*:*:*:*:*","versionEndIncluding":"8.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9164","Ordinal":"95836","Title":"CVE-2016-9164","CVE":"CVE-2016-9164","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9164","Ordinal":"1","NoteData":"Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9164","Ordinal":"2","NoteData":"2017-03-07","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9164","Ordinal":"3","NoteData":"2017-03-07","Type":"Other","Title":"Modified"}]}}}