CVE-2016-10086

Published: Jan 18, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

Affected (2)

Products: Ca: Service Desk Management, Service Desk Manager

2 products

Service Desk Management

Service Desk Manager

Configuration A

2 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Ca Service Desk Management	Version 14.1
Ca Service Desk Manager	Version 12.9

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions
Oracle Solaris	All versions

Related CWEs

CWE-264

References (6)

http://www.securityfocus.com/bid/95366

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037583

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/95366

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037583

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.