Cross-Site Scripting Vulnerability in CA Automic Workload Automation Web Interface
CVE-2019-6504

6.1MEDIUM

Key Information:

Vendor

Ca Technologies - A Broadcom Company

Status
Ca Automic Workload Automation
Vendor
CVE Published:
24 January 2019

What is CVE-2019-6504?

The Automic Web Interface (AWI) in CA Automic Workload Automation versions 12.0 to 12.2 has a vulnerability due to insufficient output sanitization. This flaw could allow attackers to execute persistent cross-site scripting (XSS) attacks by crafting malicious objects, potentially compromising user data and enabling unauthorized actions within the application.

Affected Version(s)

CA Automic Workload Automation CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1

References

https://marc.info/?l=bugtraq&m=154874504200510&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/106755
vdb-entryx_refsource_BID
https://sec-consult.com/en/blog/advisories/cross-site-scr...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-6504 : Cross-Site Scripting Vulnerability in CA Automic Workload Automation Web Interface