Vulnerability Details CVE-2019-19230
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/Dec/16
- https://seclists.org/bugtraq/2019/Dec/16
- https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2
- http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/Dec/16
- https://seclists.org/bugtraq/2019/Dec/16
- https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2