Vulnerability Details : CVE-2019-13656
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
Published
2019-09-06 15:15:12
Updated
2020-10-06 20:00:35
Vulnerability category: Execute codeBypassGain privilege
Products affected by CVE-2019-13656
- cpe:2.3:a:broadcom:ca_client_automation:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13656
1.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
CA Technologies - A Broadcom Company | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-13656
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: vuln@ca.com (Secondary)
References for CVE-2019-13656
-
http://seclists.org/fulldisclosure/2019/Sep/15
Full Disclosure: CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)Mailing List;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Sep/14
Bugtraq: CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/154418/CA-Common-Services-Distributed-Intelligence-Architecture-DIA-Code-Execution.html
CA Common Services Distributed Intelligence Architecture (DIA) Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://casupport.broadcom.com/us/product-content/recommended-reading/security-notices/CA20190904-01--security-notice-for-ca-common-services-distributed-intelligence-architecture-dia.html
CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)Vendor Advisory
Jump to