CVE-2019-6689
Summary
| CVE | CVE-2019-6689 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-26 19:29:00 UTC |
| Updated | 2019-05-02 15:43:00 UTC |
| Description | An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dillonkane | Tidal Workload Automation | 3.2.0.5 | All | All | All |
| Application | Dillonkane | Tidal Workload Automation | 3.2.0.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| An Improper Cisco Fix for CVE-2014-3272 – Ash's Security Findings | MISC | ashsecurity.wordpress.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.