Vulnerability Name: CVE-2015-3316 (CCN-103628)
Assigned: 2015-06-04
Published: 2015-06-04
Updated: 2021-04-09
Summary: CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
  4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:
  Source: MITRE; Type: CNA; CVE-2015-3316
  Source: CCN; Type: CA20150604-01; Security Notice for CA Common Services
  Source: CONFIRM; Type: Vendor Advisory; http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
  Source: BID; Type: UNKNOWN; 75033
  Source: SECTRACK; Type: UNKNOWN; 1032512
  Source: SECTRACK; Type: UNKNOWN; 1032513
  Source: XF; Type: UNKNOWN; ca-common-cve20153316-priv-esc(103628)
Vulnerable Configuration:
  Configuration 1:
    cpe:/a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*
    OR cpe:/a:ca:network_and_systems_management:r11.2:*:*:*:*:*:*:*
    OR cpe:/a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
    OR cpe:/a:ca:workload_automation_ae:r11.3.6:*:*:*:*:*:*:*
    OR cpe:/a:ca:client_automation:r12.5:sp01:*:*:*:*:*:*
    OR cpe:/a:ca:client_automation:r12.8:*:*:*:*:*:*:*
    OR cpe:/a:ca:nsm_job_management_option:r11.2:*:*:*:*:*:*:*
    OR cpe:/a:ca:universal_job_management_agent:-:*:*:*:*:*:*:*
    OR cpe:/a:ca:workload_automation_ae:r11:*:*:*:*:*:*:*
    OR cpe:/a:ca:nsm_job_management_option:r11.0:*:*:*:*:*:*:*
    OR cpe:/a:ca:nsm_job_management_option:r11.1:*:*:*:*:*:*:*
    OR cpe:/a:ca:workload_automation_ae:r11.3.5:*:*:*:*:*:*:*
    OR cpe:/a:ca:workload_automation_ae:r11.3:*:*:*:*:*:*:*
    OR cpe:/a:ca:client_automation:r12.9:*:*:*:*:*:*:*
    OR cpe:/a:ca:virtual_assurance_for_infrastructure_managers:12.6:*:*:*:*:*:*:*
    OR cpe:/a:ca:virtual_assurance_for_infrastructure_managers:12.7:*:*:*:*:*:*:*
    OR cpe:/a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
    AND
    cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
    OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
    OR cpe:/o:oracle:solaris:-:*:*:*:*:*:*:*
    OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:broadcom:common_services:-:*:*:*:*:*:*:*
broadcom network and systems management r11.1
ca network and systems management r11.2
ca virtual assurance for infrastructure managers 12.9
ca workload automation ae r11.3.6
ca client automation r12.5 sp01
ca client automation r12.8
ca nsm job management option r11.2
ca universal job management agent -
ca workload automation ae r11
ca nsm job management option r11.0
ca nsm job management option r11.1
ca workload automation ae r11.3.5
ca workload automation ae r11.3
ca client automation r12.9
ca virtual assurance for infrastructure managers 12.6
ca virtual assurance for infrastructure managers 12.7
ca virtual assurance for infrastructure managers 12.8
ibm aix *
linux linux kernel *
oracle solaris -
hp hp-ux *
ca common services -