Remote Command Execution Vulnerability in CA Performance Management
CVE-2019-13657

9.8CRITICAL

Key Information:

Vendor

Ca Technologies, A Broadcom Company

Status
Ca Performance Management
Vendor
CVE Published:
17 October 2019

What is CVE-2019-13657?

The software CA Performance Management versions 3.5.x, 3.6.x prior to 3.6.9, and 3.7.x prior to 3.7.4 are susceptible to a critical security flaw that stems from the use of default credentials. This vulnerability can be exploited by remote attackers to execute arbitrary commands on the system, leading to a complete compromise of system integrity. It's essential for users to ensure proper credential management and apply the necessary patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

CA Performance Management 3.5.x

CA Performance Management 3.6.x before 3.6.9

CA Performance Management 3.7.x before 3.7.4

References

https://seclists.org/bugtraq/2019/Oct/26
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/154904/CA-Performanc...
x_refsource_MISC
https://techdocs.broadcom.com/us/product-content/recommen...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.