Broadcom Privileged Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Broadcom Privileged Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2018-9029 — CVSS 9.8 (critical): An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
CVE-2018-9021 — CVSS 9.8 (critical): An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary…
CVE-2018-9022 — CVSS 9.8 (critical): An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code…
CVE-2015-4664 — CVSS 9.8 (critical): An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary…
CVE-2019-7392 — CVSS 9.1 (critical): An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to…
CVE-2018-9023 — CVSS 8.8 (high): An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing…
CVE-2018-9025 — CVSS 7.5 (high): An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted…
CVE-2018-9026 — CVSS 7.5 (high): A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially…
CVE-2018-9028 — CVSS 7.5 (high): Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
CVE-2018-9024 — CVSS 5.3 (medium): An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.