CVE-2015-2828 | Vulnerability Database | Aqua Security

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

Affected Software

Name	Vendor	Start Version	End Version
Spectrum	Broadcom	9.2 (including)	9.2 (including)
Spectrum	Broadcom	9.3 (including)	9.3 (including)

References

http://packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx
http://www.securityfocus.com/archive/1/535205/100/0/threaded
http://www.securityfocus.com/bid/73957
http://packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx
http://www.securityfocus.com/archive/1/535205/100/0/threaded
http://www.securityfocus.com/bid/73957

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2828
CWE	https://cwe.mitre.org/data/definitions/264.html