- Description
- A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
- Source
- vuln@ca.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:risk_authentication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F08DB725-FAA3-43E1-A311-6795E9223B7F",
"versionEndIncluding": "8.2.1",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:ca:risk_authentication:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0DB9BF7-B737-4E91-B300-8EED3E74320F"
},
{
"criteria": "cpe:2.3:a:ca:risk_authentication:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3466697E-0524-49D0-B442-9AD1217E6741"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:strong_authentication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC37FEAD-CAE3-48CB-90BB-A7EDEB865F8C",
"versionEndIncluding": "8.2.1",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:ca:strong_authentication:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11106687-4A8C-404B-9A36-1E0D20F9B5CA"
},
{
"criteria": "cpe:2.3:a:ca:strong_authentication:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2455FD87-0FF8-47ED-93BA-23C0AC18B383"
}
],
"operator": "OR"
}
]
}
]