Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14597

CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.

Published

2018-10-17T21:49:52.897

Last Modified

2024-11-21T03:49:22.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-203
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	ca_identity_governance	≤ 14.2	Yes
Application	broadcom	ca_identity_governance	12.6	Yes
Application	broadcom	ca_identity_suite_virtual_appliance	≤ 14.2	Yes

References

http://www.securityfocus.com/bid/105688 Third Party Advisory, VDB Entry ([email protected])
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/105688 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)