Vulnerabilites related to CA Technologies - A Broadcom Company - CA Automic Workload Automation
CVE-2019-6504 (GCVE-0-2019-6504)
Vulnerability from cvelistv5
Published
2019-02-06 00:00
Modified
2024-09-16 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Persistent Cross Site Scripting
Summary
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://marc.info/?l=bugtraq&m=154874504200510&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/106755 | vdb-entry, x_refsource_BID | |
| https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/ | x_refsource_MISC | |
| https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2019/Jan/61 | mailing-list, x_refsource_FULLDISC | |
| https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CA Technologies - A Broadcom Company | CA Automic Workload Automation |
Version: CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190128 Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://marc.info/?l=bugtraq\u0026m=154874504200510\u0026w=2"
},
{
"name": "106755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation"
},
{
"name": "20190124 CA20190124-01: Security Notice for CA Automic Workload Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jan/61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Automic Workload Automation",
"vendor": "CA Technologies - A Broadcom Company",
"versions": [
{
"status": "affected",
"version": "CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1"
}
]
}
],
"datePublic": "2019-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"name": "20190128 Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://marc.info/?l=bugtraq\u0026m=154874504200510\u0026w=2"
},
{
"name": "106755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation"
},
{
"name": "20190124 CA20190124-01: Security Notice for CA Automic Workload Automation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jan/61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2019-01-24T00:00:00",
"ID": "CVE-2019-6504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Automic Workload Automation",
"version": {
"version_data": [
{
"version_value": "CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1"
}
]
}
}
]
},
"vendor_name": "CA Technologies - A Broadcom Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190128 Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation",
"refsource": "BUGTRAQ",
"url": "https://marc.info/?l=bugtraq\u0026m=154874504200510\u0026w=2"
},
{
"name": "106755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106755"
},
{
"name": "https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/"
},
{
"name": "https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html"
},
{
"name": "https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation",
"refsource": "MISC",
"url": "https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation"
},
{
"name": "20190124 CA20190124-01: Security Notice for CA Automic Workload Automation",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2019/Jan/61"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html",
"refsource": "MISC",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2019-6504",
"datePublished": "2019-02-06T00:00:00Z",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-09-16T20:38:11.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}