118 matches found
CVE-2019-6504
The CVE-2019-6504 refers to a Cross-Site Scripting (XSS) vulnerability in the Automic Web Interface (AWI) of CA Automic Workload Automation (formerly UC4), due to insufficient output sanitization. Affected are CA Automic Workload Automation versions 12.0 through 12.2, with the issue enabling pers...
CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface AWI formerly Automic Automation Engine, UC4 vulnerable version: 12.0, 12.1, 12.2 fixed version:...
Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386)
Summary SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain root privileges Vulnerability Details Some programs in IBM Workload Scheduler are executed with elevated privileges SetGID and SetUID programs and have been compiled to search for libraries in an insecure...
CA Workload Automation AE SQL Injection Vulnerability
CA Workload Automation AE is a workload automation tool from CA. CA Workload Automation AE suffers from a SQL injection vulnerability. A remote attacker could exploit this vulnerability via a specially crafted HTTP request to conduct a SQL injection attack...
CA Workload Control Center Arbitrary Code Execution Vulnerability
CA Workload Control Center is the GUI for CA Workload Automation AE. An arbitrary code execution vulnerability exists in CA Workload Control Center. A remote attacker could exploit this vulnerability to execute arbitrary code via a specially crafted HTTP request...
CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
Sql injection
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
CVE-2018-8953
CA Workload Automation AE is vulnerable to SQL injection via a crafted HTTP request when running versions prior to r11.3.6 SP7. The issue is documented by the CVE-2018-8953 entry and corroborated by multiple connected sources (NVD/CNVD references), which indicate remote attacker access without us...
CVE-2018-1386
IBM Tivoli Workload Automation for AIX IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4 contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208...
CVE-2018-1386
IBM Tivoli Workload Automation for AIX IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4 contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208...
Improper access control
IBM Tivoli Workload Automation for AIX IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4 contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208...
CVE-2018-1386
IBM Tivoli Workload Automation for AIX IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4 contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208...
PT-2018-12226 · Ibm · Ibm Tivoli Workload Automation
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Workload Automation for AIX versions 8.6 through 9.4 Description: The issue is related to directories with improper permissions, which could allow a local user with special access to gain root privileges. Recommendations: For...
CVE-2018-1386
IBM Tivoli Workload Scheduler (AIX) is affected by CVE-2018-1386 through user-space directory permission issues in SetGID/SetUID programs, enabling local privilege escalation by placing a malicious library in insecure directories. Affected products/versions: IBM Workload Scheduler Distributed 8.6...
Multiple Cisco Products Arbitrary File Read Vulnerabilities
Cisco Tidal Enterprise Scheduler and Cisco Workload Automation Client Manager Server are both products of Cisco, Inc.Cisco Tidal Enterprise Scheduler is a cross-platform enterprise Cisco Tidal Enterprise Scheduler is a cross-platform enterprise scheduling application. An arbitrary file read...
Input validation
A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit...
CVE-2017-3846
A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit...