Description
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.
Affected products
- CA Technologies - A Broadcom Company / CA Risk Authentication 3.1.x – 3.1.x
- CA Technologies - A Broadcom Company / CA Risk Authentication 9.0.x – 9.0.x
- CA Technologies - A Broadcom Company / CA Risk Authentication 8.2.x – 8.2.x
- CA Technologies - A Broadcom Company / CA Risk Authentication 8.1.x – 8.1.x
- CA Technologies - A Broadcom Company / CA Risk Authentication 8.0.x – 8.0.x
- CA Technologies - A Broadcom Company / CA Strong Authentication 9.0.x – 9.0.x
- CA Technologies - A Broadcom Company / CA Strong Authentication 8.2.x – 8.2.x
- CA Technologies - A Broadcom Company / CA Strong Authentication 8.1.x – 8.1.x
- CA Technologies - A Broadcom Company / CA Strong Authentication 8.0.x – 8.0.x
- CA Technologies - A Broadcom Company / CA Strong Authentication 7.1.x – 7.1.x
References
- MAILING_LIST: https://seclists.org/bugtraq/2019/May/66
- EXPLOIT: http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html
- MISC: http://www.securityfocus.com/bid/108483
- MISC: https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190523-01--security-notice-for-ca-risk-authentication-and-ca-strong-authentication.html
- MAILING_LIST: http://seclists.org/fulldisclosure/2019/May/43