Vigil@nce - CA Workload Automation AE: three vulnerabilities
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use three vulnerabilities of CA Workload
Automation AE, in order to raise its privileges.
Impacted products: CA Workload Automation
Severity: 2/4
Creation date: 05/06/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in CA Workload Automation
AE.
An attacker can ue an environment variable, in order to escalate
his privileges. [severity:2/4; CVE-2015-3316]
An attacker can make profit from insufficient bound checking
(likely for arrays or buffers). [severity:2/4; CVE-2015-3317]
An attacker can make profit from the incorrect validation of an
unidentified input data. [severity:2/4; CVE-2015-3318]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/CA-Workload-Automation-AE-three-vulnerabilities-17071