CVE-2019-6504
CVE-2019-6504
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
06 Feb 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.
References
https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automationhttps://marc.info/?l=bugtraq&m=154874504200510&w=2https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.htmlhttps://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/https://seclists.org/fulldisclosure/2019/Jan/61https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.htmlhttp://www.securityfocus.com/bid/106755