The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CA Automic Workload Automation

computer vulnerability note CVE-2019-6504

CA Automic Workload Automation: Cross Site Scripting via AWI

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via AWI of CA Automic Workload Automation, in order to run JavaScript code in the context of the web site.
Impacted products: CA Workload Automation.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/01/2019.
Identifiers: CA20190124-01, CVE-2019-6504, SA-20190124-0, VIGILANCE-VUL-28369.

Description of the vulnerability

The CA Automic Workload Automation product offers a web service.

However, it does not filter data received via AWI before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via AWI of CA Automic Workload Automation, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-8953

CA Workload Automation AE: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of CA Workload Automation AE, in order to read or alter data.
Impacted products: CA Workload Automation.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 30/03/2018.
Identifiers: CA20180329-01, CVE-2018-8953, VIGILANCE-VUL-25738.

Description of the vulnerability

The CA Workload Automation AE product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of CA Workload Automation AE, in order to read or alter data.

computer vulnerability CVE-2016-9795

CA Workload Automation: privilege escalation via casrvc

Synthesis of the vulnerability

A local attacker can use the casrvc program of CA Workload Automation, in order to change arbitrary files and possibly get a shell with administrator privileges.
Impacted products: CA Workload Automation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 27/01/2017.
Identifiers: CA20170126-01, CVE-2016-9795, VIGILANCE-VUL-21695.

Description of the vulnerability

The CA Workload Automation product includes the component CA Common Services.

This component includes a program named casrvc. However, this program does not correctly check its input or its filename arguments before using them with administration privileges.

A local attacker can therefore use the casrvc program of CA Workload Automation, in order to change arbitrary files and possibly get a shell with administrator privileges.

vulnerability alert CVE-2015-3316 CVE-2015-3317 CVE-2015-3318

CA Workload Automation AE: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of CA Workload Automation AE, in order to escalate their privileges.
Impacted products: CA Workload Automation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/06/2015.
Identifiers: CA20150604-01, CVE-2015-3316, CVE-2015-3317, CVE-2015-3318, VIGILANCE-VUL-17071.

Description of the vulnerability

Several vulnerabilities were announced in CA Workload Automation AE.

An attacker can use an environment variable, in order to escalate their privileges. [severity:2/4; CVE-2015-3316]

An attacker can take advantage of insufficient bounds checking (likely for arrays or buffers). [severity:2/4; CVE-2015-3317]

An attacker can take advantage of the incorrect validation of unidentified input data. [severity:2/4; CVE-2015-3318]

vulnerability alert CVE-2012-0691 CVE-2012-0692

CA ARCserve Backup, Workload Automation: two vulnerabilities of CA License

Synthesis of the vulnerability

A local attacker can use two vulnerabilities of CA License, in order to elevate his privileges or to create a file, via CA ARCserve Backup or CA Workload Automation.
Impacted products: ARCserve Backup, CA Workload Automation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/10/2012.
Identifiers: BID-55737, CA20121001-01, CERTA-2012-AVI-543, CVE-2012-0691, CVE-2012-0692, VIGILANCE-VUL-11991.

Description of the vulnerability

The CA ARCserve Backup and CA Workload Automation products contain the CA License component. However, this component is impacted by two vulnerabilities.

A local attacker can execute commands with system privileges. [severity:2/4; CVE-2012-0691]

A local attacker can create or alter files with elevated privileges. [severity:2/4; CVE-2012-0692]

A local attacker can therefore use two vulnerabilities of CA License, in order to elevate his privileges or to create a file, via CA ARCserve Backup or CA Workload Automation.

computer vulnerability CVE-2011-3849

CA Directory: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send a malicious SNMP packet to CA Directory, in order to stop it, or to create a denial of service on products depending on it.
Impacted products: SiteMinder, CA Workload Automation.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 17/11/2011.
Identifiers: BID-50699, CA20111116-01, CERTA-2011-AVI-660, CVE-2011-3849, VIGILANCE-VUL-11165.

Description of the vulnerability

The CA Directory product is provided with:
 - CA SiteMinder
 - CA Embedded Entitlements Manager
 - etc.
The CA Embedded Entitlements Manager product is provided with:
 - CA Workload Automation
 - etc.

An attacker can send a malicious SNMP packet to CA Directory, in order to stop it, or to create a denial of service on products depending on it.