CVE-2019-7394
Published May 28, 2019
Last updated 4 years ago
Overview
- Description
- A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
- Source
- vuln@ca.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:risk_authentication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F08DB725-FAA3-43E1-A311-6795E9223B7F",
"versionEndIncluding": "8.2.1",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:ca:risk_authentication:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0DB9BF7-B737-4E91-B300-8EED3E74320F"
},
{
"criteria": "cpe:2.3:a:ca:risk_authentication:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3466697E-0524-49D0-B442-9AD1217E6741"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:strong_authentication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC37FEAD-CAE3-48CB-90BB-A7EDEB865F8C",
"versionEndIncluding": "8.2.1",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:ca:strong_authentication:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11106687-4A8C-404B-9A36-1E0D20F9B5CA"
},
{
"criteria": "cpe:2.3:a:ca:strong_authentication:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2455FD87-0FF8-47ED-93BA-23C0AC18B383"
}
],
"operator": "OR"
}
]
}
]