Cross-Site Scripting Vulnerability in CA Automic Workload Automation Web Interface
CVE-2019-6504
6.1MEDIUM
Key Information:
- Vendor
- CVE Published:
- 24 January 2019
What is CVE-2019-6504?
The Automic Web Interface (AWI) in CA Automic Workload Automation versions 12.0 to 12.2 has a vulnerability due to insufficient output sanitization. This flaw could allow attackers to execute persistent cross-site scripting (XSS) attacks by crafting malicious objects, potentially compromising user data and enabling unauthorized actions within the application.
Affected Version(s)
CA Automic Workload Automation CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1