UIM vulnerabilities CVE-2020-8010, CVE-2020-8011, CVE-2020-8012


Article ID: 222700




DX Unified Infrastructure Management (Nimsoft / UIM)


The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system.

The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service.

The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow in the Controller service. A remote attacker can execute arbitrary code.






Release : UIM 20.3.x

Component : Robot - 9.32, 9.33




UIM product versions 20.1.x, 20.3.x, and 9.20 and below are affected. The applicable component is robot (also known as controller).

Robot versions below 7.97HF8, 9.20HF9, 9.20SHF9, 9.33HF5, and 9.33SHF5 are affected.

For UIM 20.3.x, this issue has been fixed and robot_update_9.33_HF5 has been released. It can be downloaded from the UIM HF Index link below.
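
One way to triage a robot inventory against the fixed levels listed above, as an added example that is not part of the original article or the vendor's tooling. It assumes versions are recorded in the form the article uses (such as 9.33HF5 or 9.20SHF9) and that the S builds are a separate track with their own hotfix level; the host names and sample versions are constructed. Branches newer than 9.33 are returned for manual review because the article does not name them.

```python
import re

# Fixed hotfix level per robot branch, as listed in the article:
# 7.97HF8, 9.20HF9, 9.20SHF9, 9.33HF5, 9.33SHF5.
FIXED_HF = {
    ((7, 97), ""): 8,
    ((9, 20), ""): 9,
    ((9, 20), "S"): 9,
    ((9, 33), ""): 5,
    ((9, 33), "S"): 5,
}
NEWEST_LISTED = max(branch for branch, _ in FIXED_HF)

# Assumption: versions are written as in the article, e.g. "9.33",
# "9.33HF5", "9.20SHF9" (optional "S" track, optional "HF<n>").
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(S?)(?:_?HF(\d+))?$", re.IGNORECASE)

def triage(version):
    """Classify one robot version string as fixed, affected or review."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"  # unparseable: check by hand
    branch = (int(m.group(1)), int(m.group(2)))
    track = m.group(3).upper()
    hotfix = int(m.group(4) or 0)
    needed = FIXED_HF.get((branch, track))
    if needed is not None:
        return "fixed" if hotfix >= needed else "affected"
    if branch > NEWEST_LISTED:
        return "review"  # newer than any version the article names
    return "affected"  # older branch with no fixed hotfix listed

def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "robot-a": "9.33HF5", "robot-b": "9.33",
    "robot-c": "9.20SHF8", "robot-d": "7.97HF8",
    "robot-e": "9.31", "robot-f": "unknown",
}

if __name__ == "__main__":
    for host, state in triage_inventory(SAMPLE).items():
        print(f"{host}: {state}")
```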


Additional Information

CA20200205-01: Security Notice for CA Unified Infrastructure Management