
CA Nolio 6.6 Arbitrary Code Execution

Posted Dec 10, 2019
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Nolio (Release Automation) in the DataManagement component. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA published a solution to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to insecure deserialization. A remote attacker may execute arbitrary commands by exploiting insecure deserialization through the DataManagement service.

tags | advisory, remote, arbitrary
advisories | CVE-2019-19230
MD5 | 9248904c6a72fc2220b9a25d486cb249


CA20191209-01: Security Notice for CA Nolio (Release Automation)

Issued: December 9th, 2019
Last Updated: December 9th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Nolio (Release Automation) in the
DataManagement component. A vulnerability exists that can allow a
remote attacker to execute arbitrary code. CA published a solution
to address the vulnerability and recommends that all affected
customers implement this solution.

The vulnerability, CVE-2019-19230, occurs due to insecure
deserialization. A remote attacker may execute arbitrary commands by
exploiting insecure deserialization through the DataManagement
service.

Risk Rating

High

Platform(s)

All supported platforms

Affected Products

CA Nolio (formerly CA Release Automation) 6.6

How to determine if the installation is affected

Customers may use the product version to determine if their Nolio
installation is affected. The vulnerability impacts the
DataManagement component, which is the main product component on all
Management Servers (aka NACs).

Solution

Broadcom published the following solutions to address the
vulnerability. Customers should also review the Secure
Communications documentation.

Fix documentation
Whats.new.6.6.0.10215.txt

CA Nolio (Release Automation) 6.6 Linux:
nolio_patch_linux-x64_6_6_0_b10215.zip

CA Nolio (Release Automation) 6.6 Windows:
nolio_patch_windows-x64_6_6_0_b10215.zip


References
CVE-2019-19230 - CA Nolio (Release Automation) DataManagement
deserialization

Acknowledgement

CVE-2019-19230 - Jakub Palaczynski and Robert Podsiadlo from ING
Tech Poland

Change History

Version 1.0: 2019-12-09 - Initial Release

CA customers may receive product alerts and advisories by
subscribing to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at ca.psirt <AT> broadcom.com

Security Notices, PGP key, and disclosure policy and guidance
https://techdocs.broadcom.com/ca-psirt

Kevin Kotas
CA Product Security Incident Response Team

Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
respective companies.

