CVE-2019-6504

EUVD-2019-16063
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
broadcomautomic_workload_automation
12.0 ≤
𝑥
≤ 12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106755
https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation
https://marc.info/?l=bugtraq&m=154874504200510&w=2
https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html
https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/
https://seclists.org/fulldisclosure/2019/Jan/61
https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html
http://www.securityfocus.com/bid/106755
https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automation
https://marc.info/?l=bugtraq&m=154874504200510&w=2
https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.html
https://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/
https://seclists.org/fulldisclosure/2019/Jan/61
https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.html