PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-5803 CA Technologies CVE debrief

CVE-2016-5803 affects CA Unified Infrastructure Management version 8.47 and earlier. NVD describes a path traversal weakness where external input is used to build a pathname without properly neutralizing ".." sequences, allowing access outside a restricted directory. The issue is network exploitable without authentication and is scored 8.6 (HIGH) by NVD.

Vendor: CA Technologies
Product: CA Unified Infrastructure Management
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Administrators, vulnerability management teams, and SOC/incident response staff responsible for CA Unified Infrastructure Management deployments at version 8.47 or earlier.

Technical summary

NVD maps this issue to CWE-22 (Path Traversal). The vulnerability is exposed over the network with no privileges or user interaction required (CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). According to the supplied NVD record, affected versions extend through 8.47. The core problem is unsafe pathname construction from external input, which can permit traversal outside the intended directory boundary.

Defensive priority

High. This is an unauthenticated, network-reachable path traversal issue with high confidentiality impact, so exposed CA UIM instances should be prioritized for patching or mitigation ahead of lower-severity issues.

Recommended defensive actions

  • Apply the vendor remediation guidance from the CA security notice and the corresponding ICS-CERT advisory for CA Unified Infrastructure Management.
  • Upgrade or replace any CA Unified Infrastructure Management deployment running version 8.47 or earlier.
  • Restrict network access to the management interface until remediation is complete, especially from untrusted or broadly reachable networks.
  • Review file access, application, and web logs for unexpected path patterns or attempts to reference parent-directory sequences such as "..".
  • Validate that any local compensating controls still prevent directory traversal after remediation, including input handling and path normalization checks.
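
The log review step above can be scripted. The following is an added example, not code from the vendor or from NVD: it flags request targets that contain a ".." path segment after percent-decoding, including double-encoded forms. The log layout (common access-log style), the /download endpoint and the sample lines are constructed assumptions, not taken from CA UIM.

```python
import re
from urllib.parse import unquote

# A ".." segment bounded by a path separator (/ or \) or by the string ends.
DOTDOT = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# Request target inside the quoted request line of an access-log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the path or any query value holds a '..' segment once decoded."""
    parts = re.split(r'[?&=;]', fully_decode(target))
    return any(DOTDOT.search(part) for part in parts)

def flag_lines(lines):
    """Return (line_number, request_target) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation IP range, hypothetical endpoint).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [13/Feb/2017:10:00:05 +0000] "GET /download?file=../../conf/app.cfg HTTP/1.1" 200 1841',
    '192.0.2.44 - - [13/Feb/2017:10:00:06 +0000] "GET /download?file=%2e%2e%2f%2e%2e%2fconf HTTP/1.1" 404 0',
    '192.0.2.44 - - [13/Feb/2017:10:00:07 +0000] "GET /download?file=%252e%252e%255cconf HTTP/1.1" 400 0',
    '192.0.2.10 - - [13/Feb/2017:10:00:09 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A file name that merely contains two dots, such as the last sample line, is not flagged because the pattern requires ".." to stand as a whole path segment. Pay particular attention to hits that returned a 200 status.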

Evidence notes

The supplied NVD record lists CVE-2016-5803 as published on 2017-02-13 and modified on 2026-05-13. It identifies CA Technologies Unified Infrastructure Management versions through 8.47 as vulnerable, assigns CWE-22, and gives CVSS v3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. Supporting references in the source corpus include the ICS-CERT advisory, the SecurityFocus BID entry, and the CA security notice.

Official resources

Publicly listed in NVD on 2017-02-13; last modified in the supplied source record on 2026-05-13. No KEV listing is present in the supplied data.