Change Download Preference


{{errorInSavingPref}}
Current Preference
{{dwnldPreference}}
Change Preference to:

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

 

Issued: September 4th, 2019

Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Common Services in the Distributed Intelligence Architecture (DIA) component. A vulnerability exists, CVE-2019-13656, that can allow a remote attacker to execute arbitrary code. CA published solutions to address the vulnerabilities and recommends that all affected customers implement these solutions immediately.

Risk Rating

High

Platform(s)

All supported platforms

Affected Products

CA Common Components DIA

CA Technologies products that bundle this software include:

CA Client Automation 14 and later versions

CA Workload Automation AE 11.3.5 and 11.3.6

How to determine if the installation is affected

Customers should review the Solution section to determine whether the fix is present.

CA Workload Automation Autosys:

The Distributed Intelligence Architecture (DIA) that installs with the 11.3.5 and 11.3.6 C3 DVD is vulnerable.

Solution

CA published the following solutions to address the vulnerabilities. Fixes are available on the CA support site.

CA Client Automation:

Windows

Solution: SO09605

Linux

Solution: SO09633

CA Workload Automation Autosys:

The following are the fixes published by the Workload Automation Autosys Product team for the vulnerability CVE-2019-13656 reported against Distributed Intelligence Architecture (DIA) shipped with C3 DVD.

Windows

Solution: SO09111

Linux

Solution: SO09057

HP-UX

Solution: SO09086

Solaris

Solution: SO09084

AIX

Solution: SO09085

Patch Validation

The script applypatch.bat for Windows and applypatch.sh for Linux and Unix platforms when run should not produce any errors in its console output. The script starts the NSM services at the end of the patch application process. A successful patch application is manifested in the form of all services coming up successfully.

References

CVE-2019-13656 - Ca Common Services remote code execution

Acknowledgement

CVE-2019-13656 - Fredrik Ravne, Oslo Børs

Change History

Version 1.0: Initial Release

 

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at https://casupport.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response TTeam.