CVE-2016-9795 Information

Description

The casrvc program in CA Common Services as used in CA Client Automation 12.8 12.9 and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11 11.3 11.3.5 and 11.3.6 on AIX HP-UX Linux and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/archive/1/540062/100/0/threaded http://www.securityfocus.com/bid/95819 http://www.securitytracker.com/id/1037730 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01–security-notice-for-ca-common-services-casrvc.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8