Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2017-9393

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

  • Published: Sep 22, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-9393
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
ca / identity_manager_virtual_appliance 14.1 14.1.x
ca / identity_manager_virtual_appliance 14.0 14.0.x
ca / identity_manager 12.6-sp1 12.6-sp1.x
ca / identity_manager 12.6-sp2 12.6-sp2.x
ca / identity_manager 12.6-sp3 12.6-sp3.x
ca / identity_manager 12.6-sp4 12.6-sp4.x
ca / identity_manager 12.6-sp5 12.6-sp5.x
ca / identity_manager 12.6-sp6 12.6-sp6.x
ca / identity_manager 12.6-sp7 12.6-sp7.x
ca / identity_manager 12.6-sp8 12.6-sp8.x
ca / identity_manager 12.6-ga 12.6-ga.x
ca / identity_manager 14.1 14.1.x
ca / identity_manager 14.0 14.0.x