CVE-2017-9393

Description

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Affected products

• CA Technologies / Identity Manager12.6 through 12.6 SP8 – 12.6 through 12.6 SP8
• CA Technologies / Identity Manager14.0 – 14.0
• CA Technologies / Identity Manager14.1 – 14.1

References

• MISChttp://www.securityfocus.com/bid/100956
• MISChttps://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html