CA20191210-01: Security Notice for CA Automic Sysload
1863
17 July 2020
11 December 2019
OPEN
Issued: December 10th, 2019
Last Updated: December 10th, 2019
CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Automic Sysload in the File Server component. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA has published solutions to address the vulnerability and recommends that all affected customers implement them.
The vulnerability, CVE-2019-19518, occurs due to a lack of authentication on the File Server port. A remote attacker may execute arbitrary commands.
Risk Rating
High
Platform(s)
All supported platforms
Affected Products
CA Automic Sysload 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, 6.1.2
How to determine if the installation is affected
A customer is affected by the vulnerability if the Sysload File Server module is installed in one of the following versions:
5.60 (build lower than 60.13)
5.80
6.00 (build lower than 65.6)
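One way to apply the version rules above across a host inventory, as an added example (not code from CA or Broadcom). The inventory format, the host names and the reading of build numbers as dotted integers are assumptions; the thresholds are the ones listed in this notice.

```python
from typing import List, Tuple

# File Server module version -> first build that is NOT affected, per the
# advisory; None means the advisory lists the version with no build threshold.
AFFECTED = {"5.60": (60, 13), "5.80": None, "6.00": (65, 6)}

# Constructed sample inventory: host,file_server_version,build
SAMPLE_INVENTORY = """\
mon-as400-01,5.60,60.9
mon-as400-02,5.60,60.13
mon-win-01,5.80,
mon-unix-01,6.00,65.5
mon-unix-02,6.00,65.8
mon-unix-03,6.00,n/a
mon-lab-01,9.99,1.0
"""

def parse_build(build: str) -> Tuple[int, ...]:
    # Assumption: builds are dotted integers, so 60.9 sorts before 60.13
    # (a float or string comparison would get this wrong).
    return tuple(int(part) for part in build.split("."))

def classify(version: str, build: str) -> str:
    if version not in AFFECTED:
        return "not-listed"        # version does not appear in the advisory
    threshold = AFFECTED[version]
    if threshold is None:
        return "affected"          # listed without a build threshold
    try:
        return "affected" if parse_build(build) < threshold else "not-affected"
    except ValueError:
        return "unknown-build"     # unparsable build: check this host by hand

def triage(inventory: str) -> List[Tuple[str, str]]:
    results = []
    for line in inventory.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, version, build = (field.strip() for field in line.split(","))
        results.append((host, classify(version, build)))
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

A "not-listed" result means only that the module version is not named in this notice, so those hosts still need a manual check against the product versions under Affected Products.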
Solution
CA Technologies published the following solutions to address the vulnerability:
5.6.0 HF1
5.6.0 HF2
5.8.0 HF1
5.8.1 HF1
6.0.0 HF1
6.0.1 HF1
6.1.2 HF1
These hotfixes include the Sysload File Server module in the following versions (per the 'readme' file):
5.60 build 60.13 (OS/400)
6.00 build 65.8 (Unix, Windows)
All of the hotfixes are available for download at Sysload downloads.
References
CVE-2019-19518 - CA Automic Sysload
Acknowledgement
CVE-2019-19518 - Raphaël Rigo from the Airbus Security Lab
Change History
Version 1.0: 2019-12-10 - Initial Release
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at https://casupport.broadcom.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.