CA Workload Automation AE和CA Technologies Client Automation都是美国CA（CA）公司的产品。CA Workload Automation AE是一套工作负载自动化解决方案。该产品包括数据驱动的事件自动化、托管文件传输、版本控制和生命周期管理等功能。CA Technologies Client Automation是一套IT资产管理解决方案。CA Common Services DIA是其中的一个CA通用服务中的分布式智能体系结构（DIA）组件。
CA Technologies Client Automation 14版本和Workload Automation AE 11.3.5版本和11.3.6版本中的CA Common Services DIA存在访问控制错误漏洞。远程攻击者可利用该漏洞执行任意代码。
-----BEGIN PGP SIGNED MESSAGE-----
CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)
Issued: September 4th, 2019
Last Updated: September 4th, 2019
CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions to address the vulnerabilities and
recommends that all affected customers implement these solutions
All supported platforms
CA Common Components DIA
CA Technologies products that bundle this software include:
CA Client Automation 14 and later versions
CA Workload Automation AE 11.3.5 and 11.3.6
How to determine if the installation is affected
Customers should review the Solution section to determine whether the
fix is present.
CA Workload Automation Autosys:
The Distributed Intelligence Architecture (DIA) that installs with
the 11.3.5 and 11.3.6 C3 DVD is vulnerable.
CA published the following solutions to address the vulnerabilities.
Fixes are available on the CA support site.
CA Client Automation:
CA Workload Automation Autosys:
The following are the fixes published by the Workload Automation
Autosys Product team for the vulnerability CVE-2019-13656 reported
against Distributed Intelligence Architecture (DIA) shipped with C3
The script applypatch.bat for Windows and applypatch.sh for Linux and
Unix platforms when run should not produce any errors in its console
output. The script starts the NSM services at the end of the patch
application process. A successful patch application is manifested in
the form of all services coming up successfully.
CVE-2019-13656 - Ca Common Services remote code execution
CVE-2019-13656 - Fredrik Ravne, Oslo Boers
Version 1.0: Initial Release
CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.
Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/
To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at ca.psirt <AT> broadcom.com
Security Notices, PGP key, and disclosure policy and guidance
CA Product Security Incident Response Team
Copyright 2019 Broadcom. All Rights Reserved. The term "Broadcom"
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade
names, service marks and logos referenced herein belong to their
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----