Lucene search

[email protected]CVE-2019-6504

HistoryFeb 06, 2019 - 12:29 a.m.

CVE-2019-6504

2019-02-0600:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-6504

automic web interface

ca automic workload automation

xss

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.

Affected configurations

NVD

Node

broadcomautomic_workload_automationRange12.0–12.2

CPENameOperatorVersion
broadcom:automic_workload_automationbroadcom automic workload automationle12.2

CPE	Name	Operator	Version
broadcom:automic_workload_automation	broadcom automic workload automation	le	12.2

CNA Affected

[
  {
    "product": "CA Automic Workload Automation",
    "vendor": "CA Technologies - A Broadcom Company",
    "versions": [
      {
        "status": "affected",
        "version": "CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106755

communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation

marc.info/?l=bugtraq&m=154874504200510&w=2

packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html

sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/

seclists.org/fulldisclosure/2019/Jan/61

support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for CVE-2019-6504

prion1 packetstorm1 cvelist1 nvd1