Remote Command Execution Vulnerability in CA Performance Management
CVE-2019-13657

9.8CRITICAL

What is CVE-2019-13657?

The software CA Performance Management versions 3.5.x, 3.6.x prior to 3.6.9, and 3.7.x prior to 3.7.4 are susceptible to a critical security flaw that stems from the use of default credentials. This vulnerability can be exploited by remote attackers to execute arbitrary commands on the system, leading to a complete compromise of system integrity. It's essential for users to ensure proper credential management and apply the necessary patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

CA Performance Management 3.5.x

CA Performance Management 3.6.x before 3.6.9

CA Performance Management 3.7.x before 3.7.4

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.