An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
References
Link | Resource |
---|---|
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2 | Patch Vendor Advisory |
http://seclists.org/fulldisclosure/2019/Dec/16 | Third Party Advisory |
https://seclists.org/bugtraq/2019/Dec/16 | Third Party Advisory |
http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-12-09 13:15
Updated : 2019-12-12 13:53
NVD link : CVE-2019-19230
Mitre link : CVE-2019-19230
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
microsoft
- windows
linux
- linux_kernel
broadcom
- nolio