Vulnerability Name:

CVE-2015-2828 (CCN-102093)

Assigned:2015-04-07
Published:2015-04-07
Updated:2021-04-12
Summary:CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2015-2828

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html

Source: CCN
Type: BugTraq Mailing List, Tue, 7 Apr 2015 20:41:59 +0000
CA20150407-01: Security Notice for CA Spectrum

Source: CCN
Type: CA20150407-01
Security Notice for CA Spectrum

Source: CONFIRM
Type: Vendor Advisory
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx

Source: BUGTRAQ
Type: UNKNOWN
20150407 CA20150407-01: Security Notice for CA Spectrum

Source: BID
Type: UNKNOWN
73957

Source: XF
Type: UNKNOWN
ca-spectrum-cve20152828-priv-esc(102093)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:spectrum:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:spectrum:9.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:broadcom:spectrum:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:spectrum:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    broadcom spectrum 9.3
    broadcom spectrum 9.2
    ca spectrum 9.2
    ca spectrum 9.3