what you don't know can hurt you

CA Automic Workload Automation 12.x Cross Site Scripting

CA Automic Workload Automation 12.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ken Williams, Marc Nimmerrichte | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.

tags | advisory, web, xss
advisories | CVE-2019-6504
MD5 | 7a2927d39fb28bb1d5fe04e9edcc54d3

CA Automic Workload Automation 12.x Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20190124-01: Security Notice for CA Automic Workload Automation

Issued: January 24, 2019
Last Updated: January 24, 2019

CA Technologies Support is alerting customers to a potential risk with
CA Automic Workload Automation Automic Web Interface (AWI). A
vulnerability exists that can allow an attacker to potentially conduct
persistent cross site scripting (XSS) attacks.

The vulnerability, CVE-2019-6504, has a medium risk rating and
concerns insufficient output sanitization, which can allow an attacker
to potentially conduct persistent cross site scripting (XSS) attacks.


Risk Rating

Medium


Platform(s)

All supported platforms


Affected Products

CA Automic Workload Automation 12.0
CA Automic Workload Automation 12.1
CA Automic Workload Automation 12.2


Unaffected Products

CA Automic Workload Automation 12.0 with Automic.Web.Interface
12.0.6 HF2

CA Automic Workload Automation 12.1 with Automic.Web.Interface
12.1.3 HF3

CA Automic Workload Automation 12.2 with Automic.Web.Interface
12.2.1 HF1


How to determine if the installation is affected

The version number is visible in the About section of AWI. Check the
About window after login to AWI to determine the current installed
version.


Solution

CA Technologies published the following solutions to address the
vulnerabilities.

CA Automic Workload Automation 12.0:
Apply Automic.Web.Interface 12.0.6 HF2

CA Automic Workload Automation 12.1:
Apply Automic.Web.Interface 12.1.3 HF3

CA Automic Workload Automation 12.2:
Apply Automic.Web.Interface 12.2.1 HF1

The fixes can be found at https://downloads.automic.com/


References

CVE-2019-6504 - CA Automic Workload Automation Persistent XSS
vulnerability


Acknowledgement

CVE-2019-6504 - Marc Nimmerrichter from SEC Consult Vulnerability Lab


Change History

Version 1.0: 2019-01-24 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Enterprise Software R&D
CA Technologies, A Broadcom Company | ca.com | broadcom.com


Copyright (c) 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All other trademarks, trade
names, service marks, and logos referenced herein belong to their
respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsFVAwUBXEpaSblJjor7ahBNAQh8eBAAjEuXp96eWVTv+bmSGBUi8qE/ql0m366n
ApEqok1M0uNiwAte+MpZCfe1QBXzEMlxI3rRzwoU/2AgN6td1Ot2onF3ZSu41xZZ
T5Vl8YUgD+H+1aG+lPb2PtqGAkKiiq9/0v7Usa3j2Q0hFcOuzFizUrFwL0zisQqQ
3Yqxe0Z524bxsYOoq3tM6u40hJepA/xrRVehLDXZBEUPoebZ3GjRSgAtcrm1umlQ
i4i35xXJ5bO4un0AdBITl9pbYFRsWsT/UmC3SWuqrRNEfPifig0+N0mQFr3HYss8
7P/t9unyX45K8lK8x88zZVLoEpN4hZSi5ClH3KP7ZaSmWlgQXLP7Llw/DAy8oOPc
xl8QPkhgNusrBgvUb2LtOoIzD89V+bz2tHYpJ0jpYjXRAjTvfmWCpq96+Kv9qj2/
CGjUHSxrLOvKhg+p3UHerAFYpIa0R4qajoN6D/w69fqaD+8Yzq82oK73M9dcXjPG
oiT5V+nC9eWufjpugrJL3ZfaXGz9guLzKrI1IToKNj9iv35umVkSNil3zE5N7nuz
UQtqxEBjD/P54KM8fULbtl+4MbWUB7eDq4jeCvD8Ipe3smJ32VfDzMhco4IYxxVS
yQt7+lMzNYi/yYazREJzdNbsRw8oCtYJUeYeZtGw1QeUK84TP3dobwqZHte+MonN
nJwOOIH2Kpg=
=90ur
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    12 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close