Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 10 products from broadcom, from broadcom, from broadcom and 7 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-01-27T22:59:02.100

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	ca_workload_automation_ae	11.0	Yes
Application	broadcom	ca_workload_automation_ae	11.3	Yes
Application	broadcom	ca_workload_automation_ae	11.3.5	Yes
Application	broadcom	ca_workload_automation_ae	11.3.6	Yes
Application	broadcom	client_automation	12.8	Yes
Application	broadcom	client_automation	12.9	Yes
Application	broadcom	client_automation	14.0	Yes
Application	broadcom	systemedge	5.8.2	Yes
Application	broadcom	systemedge	5.9	Yes
Application	broadcom	systems_performance_for_infrastructure_managers	12.8	Yes
Application	broadcom	systems_performance_for_infrastructure_managers	12.9	Yes
Application	ca	universal_job_management_agent	11.2	Yes
Application	ca	virtual_assurance_for_infrastructure_managers	12.8	Yes
Application	ca	virtual_assurance_for_infrastructure_managers	12.9	Yes
Operating System	hp	hp-ux	*	No
Operating System	ibm	aix	*	No
Operating System	linux	linux_kernel	*	No
Operating System	oracle	solaris	*	No

References

http://www.securityfocus.com/archive/1/540062/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/95819 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037730 Third Party Advisory, VDB Entry ([email protected])
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/540062/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95819 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037730 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For broadcom's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.