CVE-2019-13656 — Improper Access Control in Technologies Client Automation

CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

14.6%

top 5.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CA Technologies Client Automation CA Technologies Workload Automation AE Broadcom CA Client Automation +1 more

Timeline

PublishedSep 6

Latest updateMay 24

Description

An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ca_technologies/client_automation14.0

▶CVEListV5ca_technologies/workload_automation_ae11.3.5, 11.3.6+1

▶NVDbroadcom/ca_client_automation14.0

▶NVDbroadcom/ca_workload_automation_ae11.3.5, 11.3.6+1

🔴Vulnerability Details

GHSA

GHSA-wc4j-6w9r-crwf: An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11↗2022-05-24

▶

CVEList

CVE-2019-13656: An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11↗2019-09-06

▶