CA20191210-01: Security Notice for CA Automic Sysload

1863

17 July 2020

11 December 2019

OPEN

Issued: December 10th, 2019

Last Updated: December 10th, 2019

CA Technologies, a Broadcom company, is alerting customers to a potential risk in the File Server component of CA Automic Sysload. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA has published solutions to address the vulnerability and recommends that all affected customers implement them.

The vulnerability, CVE-2019-19518, occurs due to a lack of authentication on the File Server port. A remote attacker may execute arbitrary commands.

Risk Rating

High

Platform(s)

All supported platforms

Affected Products

CA Automic Sysload 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, 6.1.2

How to determine if the installation is affected

A customer is affected by the vulnerability if the Sysload File Server module is installed in one of the following versions:

5.60 (build lower than 60.13)

5.80

6.00 (build lower than 65.6)
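The criteria above can be applied to an asset inventory. The following is an added example, not code from CA or Broadcom. The CSV layout, host names and sample builds are constructed, and it assumes build numbers are dotted integers that compare component by component (so 60.9 is lower than 60.13).

```python
import csv
import io

# Affected Sysload File Server module versions, as listed in this advisory.
# Value = first build that is NOT affected; None = every build is affected.
AFFECTED = {
    "5.60": (60, 13),
    "5.80": None,
    "6.00": (65, 6),
}

def parse_build(build):
    """Turn '60.13' into (60, 13) so builds compare numerically,
    not as text or floats (as a float, 60.9 > 60.13)."""
    return tuple(int(part) for part in build.strip().split("."))

def is_affected(version, build):
    """True if the module version/build matches the advisory's criteria."""
    version = version.strip()
    if version not in AFFECTED:
        return False  # module version not listed in the advisory
    first_unaffected = AFFECTED[version]
    if first_unaffected is None:
        return True
    return parse_build(build) < first_unaffected

# Constructed inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,version,build
as400-01,5.60,60.9
as400-02,5.60,60.13
win-07,5.80,62.1
ux-03,6.00,65.5
ux-04,6.00,65.10
"""

def affected_hosts(inventory_csv):
    """Return the hosts whose File Server module needs the hotfix."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["host"] for r in rows if is_affected(r["version"], r["build"])]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2019-19518, apply the hotfix")
```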

Solution

CA Technologies published the following solutions to address the vulnerability:

5.6.0 HF1

5.6.0 HF2

5.8.0 HF1

5.8.1 HF1

6.0.0 HF1

6.0.1 HF1

6.1.2 HF1

These hotfixes include the Sysload File Server module in the following versions (see the 'readme' file):

5.60 build 60.13 (OS/400)

6.00 build 65.8 (Unix, Windows)

All of the hotfixes are available for download at Sysload downloads.

References

CVE-2019-19518 - CA Automic Sysload

 

Acknowledgement

CVE-2019-19518 - Raphaël Rigo from the Airbus Security Lab

Change History

Version 1.0: 2019-12-10 - Initial Release

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at https://casupport.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.

Copyright © 2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.