CVE-2017-8391

EUVD-2017-17343
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
caclient_automation
r12.9
caclient_automation
r14.0
caclient_automation
r14.0:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98344
http://www.securitytracker.com/id/1038410
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html
http://www.securityfocus.com/bid/98344
http://www.securitytracker.com/id/1038410
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html