Vulnerability Description
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ca | Unified Infrastructure Management | <= 8.47 |
| Ca | Unified Infrastructure Management Snap | <= 8.47 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94257Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-606Third Party AdvisoryVDB Entry
- https://www.ca.com/us/services-support/ca-support/ca-support-online/product-contVendor Advisory
- http://www.securityfocus.com/bid/94257Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-606Third Party AdvisoryVDB Entry
- https://www.ca.com/us/services-support/ca-support/ca-support-online/product-contVendor Advisory
FAQ
What is CVE-2016-9165?
CVE-2016-9165 is a vulnerability with a CVSS score of 7.5 (HIGH). The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote...
How severe is CVE-2016-9165?
CVE-2016-9165 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9165?
Check the references section above for vendor advisories and patch information. Affected products include: Ca Unified Infrastructure Management, Ca Unified Infrastructure Management Snap.