CVE-2024-38499

CVSS V2 None CVSS V3 None
Description
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
Overview
  • CVE ID
  • CVE-2024-38499
  • Assigner
  • symantec
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-17T05:43:00.369Z
  • Last Modified Date
  • 2024-12-17T05:43:00.369Z
History
Created Old Value New Value Data Type Notes
2024-12-17 13:47:47 Added to TrackCVE