exploitDog

CVE-2019-6689

Опубликовано: 26 апр. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems.

Ссылки

https://ashsecurity.wordpress.com/2019/04/25/an-improper-cisco-fix-for-cve-2014-3272/
Third Party Advisory
https://ashsecurity.wordpress.com/2019/04/25/an-improper-cisco-fix-for-cve-2014-3272/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dillonkane:tidal_workload_automation:3.2.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00405

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-hvrp-9cfx-w3x4

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems.

EPSS

Процентиль: 60%

0.00405

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-77