The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/94257 | Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-16-606 | Third Party Advisory VDB Entry |
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-03-20T16:00:00
Updated: 2017-03-20T15:57:01
Reserved: 2016-11-03T00:00:00
Link: CVE-2016-9165
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-03-20T16:59:01.767
Modified: 2017-03-23T19:46:01.383
Link: CVE-2016-9165
JSON object: View
Redhat Information
No data.
CWE