Vulnerability Description
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Ca Workload Automation Ae | 11.0 |
| Broadcom | Client Automation | 12.8 |
| Broadcom | Systemedge | 5.8.2 |
| Broadcom | Systems Performance For Infrastructure Managers | 12.8 |
| Ca | Universal Job Management Agent | 11.2 |
| Ca | Virtual Assurance For Infrastructure Managers | 12.8 |
| Hp | Hp-Ux | All versions |
| Ibm | Aix | All versions |
| Linux | Linux Kernel | All versions |
| Oracle | Solaris | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/540062/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/95819Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037730Third Party AdvisoryVDB Entry
- https://www.ca.com/us/services-support/ca-support/ca-support-online/product-contVendor Advisory
- http://www.securityfocus.com/archive/1/540062/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/95819Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037730Third Party AdvisoryVDB Entry
- https://www.ca.com/us/services-support/ca-support/ca-support-online/product-contVendor Advisory
FAQ
What is CVE-2016-9795?
CVE-2016-9795 is a vulnerability with a CVSS score of 7.8 (HIGH). The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Univer...
How severe is CVE-2016-9795?
CVE-2016-9795 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9795?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Ca Workload Automation Ae, Broadcom Client Automation, Broadcom Systemedge, Broadcom Systems Performance For Infrastructure Managers, Ca Universal Job Management Agent.