← Back

CVE-2019-7394

nvd nist
Published: May 28, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.

Affected (6)

Ca
2 products
Risk Authentication
Strong Authentication
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Ca
Risk Authentication
From 8.0 to 8.2.1
Risk Authentication
Version 3.1
Risk Authentication
Version 9.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Ca
Strong Authentication
From 8.0 to 8.2.1
Strong Authentication
Version 7.1
Strong Authentication
Version 9.0

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (10)

Source: vuln@ca.com
Third Party AdvisoryVDB Entry
Source: vuln@ca.com
Mailing ListThird Party Advisory
Source: vuln@ca.com
Third Party AdvisoryVDB Entry
Source: vuln@ca.com
Mailing ListThird Party Advisory
Source: vuln@ca.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.