Posted by Williams, Ken on Nov 10

CA20161109-01: Security Notice for CA Unified Infrastructure Management

Issued: November 09, 2016

CA Technologies Support is alerting customers to three vulnerabilities in
CA Unified Infrastructure Management (formerly CA Nimsoft). The first
vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs.
A remote attacker can potentially acquire a session ID and bypass
authentication or elevate privileges. The second…