CVE-2019-19230

Опубликовано: 09 дек. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.

Ссылки

http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/16
Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/16
Third Party Advisory
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2
Patch
Vendor Advisory
http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/16
Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/16
Third Party Advisory
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:broadcom:nolio:6.6:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05646

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-6w3p-7vr4-75hx

github

больше 3 лет назад