CVE-2019-6504

6.1MEDIUM

Key Information:

Vendor
Ca Technologies - A Broadcom Company
Status
Ca Automic Workload Automation
Vendor
CVE Published:
24 January 2019

Summary

Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.

Affected Version(s)

CA Automic Workload Automation CA Automic Workload Automation 12.0 prior to Automic.Web.Interface 12.0.6 HF2 CA Automic Workload Automation 12.1 prior to Automic.Web.Interface 12.1.3 HF3 CA Automic Workload Automation 12.2 prior to Automic.Web.Interface 12.2.1 HF1

References

https://marc.info/?l=bugtraq&m=154874504200510&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/106755
vdb-entryx_refsource_BID
https://sec-consult.com/en/blog/advisories/cross-site-scr...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.