CVE-2017-9393 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2017-9393

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Published: Sep 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-9393
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ca / identity_manager_virtual_appliance	14.1	14.1.x
ca / identity_manager_virtual_appliance	14.0	14.0.x
ca / identity_manager	12.6-sp1	12.6-sp1.x
ca / identity_manager	12.6-sp2	12.6-sp2.x
ca / identity_manager	12.6-sp3	12.6-sp3.x
ca / identity_manager	12.6-sp4	12.6-sp4.x
ca / identity_manager	12.6-sp5	12.6-sp5.x
ca / identity_manager	12.6-sp6	12.6-sp6.x
ca / identity_manager	12.6-sp7	12.6-sp7.x
ca / identity_manager	12.6-sp8	12.6-sp8.x
ca / identity_manager	12.6-ga	12.6-ga.x
ca / identity_manager	14.1	14.1.x
ca / identity_manager	14.0	14.0.x