CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:14.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.8.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
cpe:2.3:a:ca:universal_job_management_agent:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*

History

09 Nov 2021, 17:48

Type Values Removed Values Added
References (BUGTRAQ) http://www.securityfocus.com/archive/1/540062/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/540062/100/0/threaded - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1037730 - (SECTRACK) http://www.securitytracker.com/id/1037730 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:ca:workload_automation_ae:11.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*

12 Apr 2021, 14:30

Type Values Removed Values Added
CPE cpe:2.3:a:ca:systemedge:5.9:*:*:*:*:*:*:*
cpe:2.3:a:ca:systemedge:5.8.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*
cpe:2.3:a:ca:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.9:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:systemedge:5.8.2:*:*:*:*:*:*:*

08 Apr 2021, 13:07

Type Values Removed Values Added
CPE cpe:2.3:a:ca:client_automation:12.9:*:*:*:*:*:*:*
cpe:2.3:a:ca:client_automation:12.8:*:*:*:*:*:*:*
cpe:2.3:a:ca:client_automation:14.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:14.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:client_automation:12.8:*:*:*:*:*:*:*

Information

Published : 2017-01-27 22:59

Updated : 2023-12-10 12:01


NVD link : CVE-2016-9795

Mitre link : CVE-2016-9795

CVE.ORG link : CVE-2016-9795


JSON object : View

Products Affected

oracle

  • solaris

broadcom

  • ca_workload_automation_ae
  • systems_performance_for_infrastructure_managers
  • systemedge
  • client_automation

ibm

  • aix

ca

  • virtual_assurance_for_infrastructure_managers
  • universal_job_management_agent

hp

  • hp-ux

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation