Deserialization of untrusted data

2019-12-0921:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.

CPENameOperatorVersion
nolioeq6.6

CPE	Name	Operator	Version
	nolio	eq	6.6

References

packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html

seclists.org/fulldisclosure/2019/Dec/16

seclists.org/bugtraq/2019/Dec/16

techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2