exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Common Services Distributed Intelligence Architecture (DIA) Code Execution

CA Common Services Distributed Intelligence Architecture (DIA) Code Execution
Posted Sep 9, 2019
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Common Services in the Distributed Intelligence Architecture (DIA) component. A vulnerability exists, CVE-2019-13656, that can allow a remote attacker to execute arbitrary code. CA published solutions to address the vulnerabilities and recommends that all affected customers implement these solutions immediately.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2019-13656
SHA-256 | 3a354eedf811cb8771a38e75f0e9fc7bf8d567bb792642529124339c33c4def1

CA Common Services Distributed Intelligence Architecture (DIA) Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions to address the vulnerabilities and
recommends that all affected customers implement these solutions
immediately.

Risk Rating

High

Platform(s)

All supported platforms

Affected Products

CA Common Components DIA

CA Technologies products that bundle this software include:
CA Client Automation 14 and later versions
CA Workload Automation AE 11.3.5 and 11.3.6

How to determine if the installation is affected

Customers should review the Solution section to determine whether the
fix is present.

CA Workload Automation Autosys:

The Distributed Intelligence Architecture (DIA) that installs with
the 11.3.5 and 11.3.6 C3 DVD is vulnerable.

Solution

CA published the following solutions to address the vulnerabilities.
Fixes are available on the CA support site.

CA Client Automation:

Windows
Solution: SO09605

Linux
Solution: SO09633

CA Workload Automation Autosys:

The following are the fixes published by the Workload Automation
Autosys Product team for the vulnerability CVE-2019-13656 reported
against Distributed Intelligence Architecture (DIA) shipped with C3
DVD.

Windows
Solution: SO09111

Linux
Solution: SO09057

HP-UX
Solution: SO09086

Solaris
Solution: SO09084

AIX
Solution: SO09085

Patch Validation

The script applypatch.bat for Windows and applypatch.sh for Linux and
Unix platforms when run should not produce any errors in its console
output. The script starts the NSM services at the end of the patch
application process. A successful patch application is manifested in
the form of all services coming up successfully.

References

CVE-2019-13656 - Ca Common Services remote code execution

Acknowledgement

CVE-2019-13656 - Fredrik Ravne, Oslo Boers

Change History

Version 1.0: Initial Release

CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at ca.psirt <AT> broadcom.com

Security Notices, PGP key, and disclosure policy and guidance
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Kevin Kotas
CA Product Security Incident Response Team

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsBVAwUBXXK0LLZ6yOO9o8STAQgQBgf/UeZFiw6Ha+eEfAvDIx92DE+gglGuZB20
tc1POyvgJABJGBdyqE1aV+eYoTNhEIagD54Fkl0ZMJnwR2ZrTAdOPV/pOJa/F+z9
ajAv5Oikj2I5SH4MI0Az48ApyyD6y+zQjmu8wc5LH4LfuoujAGOIqF0s6OFMB+hl
B8VDvqJuNvNalEdVFhNxUHfFjxhQaN0H1G9b98Mv9bnZJ/O60+9Kczff9O6m9y7U
Dfaf0pUIqnsYxUVDk2LQ/ydoLji7QtttNXBQHS9zWIjlEkj90ZMleXozYiR6IiaV
NRUpynhlzmJYf9oG0hdLD7WFXStFREf7atL7QDZuL4ar/Zz7+5xEng==
=1Xi9
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close