Security Bulletin: Vulnerability CVE-2019-4031 affects IBM Workload Scheduler
Summary Vulnerability CVE-2019-4031 affects IBM Workload Scheduler because a local user could launch taskLauncher program and create or replace files created by root user escalating privileges. Vulnerability Details CVEID: CVE-2019-4031 DESCRIPTION: IBM Tivoli Workload Scheduler contains a...
IBM Workload Scheduler CVE-2019-4031 Local Privilege Escalation Vulnerability
Description IBM Workload Scheduler is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The following products are affected: IBM Tivoli Workload Scheduler Distributed 9.2.0 FP03 and prior IBM Workload Scheduler Distributed 9.3.0...
How to sign up for FLASHes and SECURITY bulletins
Summary Receiving FLASHES and SECURITY BULLETINS is important to keep up with critical changes Steps How to sign up for product FLASH notifications: http://www-01.ibm.com/software/support/einfo.html Security portal for security/integrity announcements:...
CA Technologies Client Automation and Workload Automation AE Access Control Error Vulnerability
CA Automic Workload Automation is a suite of workload automation solutions from CA USA. The product includes features such as data-driven event automation, managed file transfer, version control and lifecycle management. An access control error vulnerability exists in CA Common Services DIA in CA...
CVE-2019-13656
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code...
Code injection
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code...
CVE-2019-13656
CVE-2019-13656 affects CA Technologies Client Automation components: CA Common Services DIA in CA Technologies Client Automation 14 and Workload Automation AE 11.3.5/11.3.6. Multiple sources (NVD/Red Hat/CNVD) describe an access control error that enables a remote attacker to execute arbitrary co...
How to decrease the OpsMgr Health Service load caused by datastore monitoring process
Purpose This article documents how to decrease the OpsMgr Health Service load caused by the datastore monitoring process. Cause Since the datastore monitoring job currently cannot be split among several Veeam VMware Collectors, the amount of processed data may overload the Health Service in large...
Codec H.265 not working in HDX session
H.265 not getting utilized in the HDX session with the below settings: Followed the link: https://docs.citrix.com/en-us/receiver/windows/current-release/improve/h-265-video-encoding.html Studio Policy set: 1. Graphic Status indicator - Disabled 2. Moving Image Compression - Disabled 3. Optimize...
Command injection
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 formerly known as Cisco Workload Automation or CWA. The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers TJB parameters. NOTE: this vulnerability...
CVE-2019-6689
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 formerly known as Cisco Workload Automation or CWA. The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers TJB parameters. NOTE: this vulnerability...
CVE-2019-6689
CVE-2019-6689 affects Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (Enterprise Scheduler for AIX). Local users can escalate privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. The note cites that the CVE-2014-3272 fix did not cover AIX. Public remediation or exp...
How to pin Citrix Hypervisor Virtual CPUs to specific Physical CPUs
Citrix Hypervisor maps vCPUs to pCPUs by default in a semi-even way to distribute VM load on the host. In some cases a specific mapping may be needed; for example, if some VMs will be CPU intensive while others won't, the intensive VMs can be mapped to exclusive physical CPUs while the...
CVE-2019-6504
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross-site scripting (XSS) attacks via a crafted object...
CVE-2019-6504
The CVE-2019-6504 refers to a Cross-Site Scripting (XSS) vulnerability in the Automic Web Interface (AWI) of CA Automic Workload Automation (formerly UC4), due to insufficient output sanitization. Affected are CA Automic Workload Automation versions 12.0 through 12.2, with the issue enabling pers...
CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface AWI formerly Automic Automation Engine, UC4 vulnerable version: 12.0, 12.1, 12.2 fixed version:...
Cryptomining Malware Uninstalls Cloud Security Products
Researchers say they have discovered a unique malware family capable of gaining admin rights on targeted systems by uninstalling cloud-security products. Instances of the malicious activity are tied to coin-mining malware targeting Linux servers. Palo Alto Networks’ Unit 42, which published the...