{"api_version":"1","generated_at":"2026-04-23T04:09:34+00:00","cve":"CVE-2016-9165","urls":{"html":"https://cve.report/CVE-2016-9165","api":"https://cve.report/api/cve/CVE-2016-9165.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9165","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9165"},"summary":{"title":"CVE-2016-9165","description":"The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-03-20 16:59:00","updated_at":"2017-03-23 19:46:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/94257","name":"94257","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"CA Unified Infrastructure Management Directory Traversal And Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-606","name":"http://www.zerodayinitiative.com/advisories/ZDI-16-606","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"ZDI-16-606 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","name":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"CA20161109-01:  Security Notice for CA Unified Infrastructure Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9165","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9165","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9165","vulnerable":"1","versionEndIncluding":"8.47","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"unified_infrastructure_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9165","vulnerable":"1","versionEndIncluding":"8.47","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"unified_infrastructure_management_snap","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-9165","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"94257","refsource":"BID","url":"http://www.securityfocus.com/bid/94257"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-16-606","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-16-606"},{"name":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","refsource":"CONFIRM","url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html"}]}},"nvd":{"publishedDate":"2017-03-20 16:59:00","lastModifiedDate":"2017-03-23 19:46:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ca:unified_infrastructure_management_snap:*:*:*:*:*:*:*:*","versionEndIncluding":"8.47","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ca:unified_infrastructure_management:*:*:*:*:*:*:*:*","versionEndIncluding":"8.47","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9165","Ordinal":"95837","Title":"CVE-2016-9165","CVE":"CVE-2016-9165","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9165","Ordinal":"1","NoteData":"The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9165","Ordinal":"2","NoteData":"2017-03-20","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9165","Ordinal":"3","NoteData":"2017-03-20","Type":"Other","Title":"Modified"}]}}}