CVE-2019-6504
CVE-2019-6504
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
06 feb 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.
Productos afectados
CA Technologies - A Broadcom Company · CA Automic Workload AutomationReferencias
https://communities.ca.com/community/product-vulnerability-response/blog/2019/01/24/ca20190124-01-security-notice-for-ca-automic-workload-automationhttps://marc.info/?l=bugtraq&m=154874504200510&w=2https://packetstormsecurity.com/files/151325/CA-Automic-Workload-Automation-12.x-Cross-Site-Scripting.htmlhttps://sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-automic-workload-automation-web-interface-formerly-automic-automation-engine/https://seclists.org/fulldisclosure/2019/Jan/61https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190124-01-security-notice-for-ca-automic-workload-automation.htmlhttp://www.securityfocus.com/bid/106755