CVE-2017-8391
Published May 6, 2017
Last updated 5 years ago
Overview
- Description
- The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-732
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:client_automation:r12.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB5FAE9D-2ECB-41A0-8044-BD4B6A049941"
},
{
"criteria": "cpe:2.3:a:ca:client_automation:r14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "822846C6-B04D-430B-B831-321E0A854771"
},
{
"criteria": "cpe:2.3:a:ca:client_automation:r14.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81A0389B-F9B6-4A12-9D22-20FC662E5492"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]