CVE-2024-38499

Published: Dec 17, 2024

Modified: Dec 19, 2024

PUBLISHED

Description

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.

Vendor	Product	Versions
Broadcom	CA Client Automation (ITCM)	affected `14.5 CU7`

Weaknesses (CWE)

CWE-269

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-38499

Description

Affected Products

Weaknesses (CWE)

References