CA Unified Infrastructure Management < 8.48 / 8.53 Multiple Vulnerabilities (CA20180829-02)
Critical Nessus Plugin ID 117341
Synopsis
A web application running on the remote host is affected by multiple information disclosure vulnerabilities.
Description
According to its self-reported version number, the CA Unified Infrastructure Management (UIM) application running on the remote host is prior to 8.48 or 8.53. It is, therefore, affected by multiple vulnerabilities:
- A hardcoded secret key exists that could allow information disclosure. (CVE-2018-13819)
- A hardcoded passphrase exists that could allow information disclosure. (CVE-2018-13820)
- An unspecified authentication error exists that could allow various actions including reading and writing files. (CVE-2018-13821)
Note: The version was determined by checking the Unified Management Portal instance running on this host; however, it may not directly reflect the version of the Unified Infrastructure Management instance.
Solution
Upgrade to CA UIM version 8.48 or 8.53 or later.