Workload Automation
by HCL Software
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28009 | 0.00 | — | 0.01 | Apr 26, 2023 | HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||
| CVE-2023-28008 | 0.00 | — | 0.01 | Apr 26, 2023 | HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||
| CVE-2022-38661 | 0.00 | — | 0.00 | Nov 4, 2022 | HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | |||
| CVE-2020-4674 | 0.00 | — | 0.01 | Jan 12, 2021 | IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | |||
| CVE-2020-4673 | 0.00 | — | 0.01 | Jan 12, 2021 | IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. | |||
| CVE-2019-6504 | 0.00 | — | 0.02 | Feb 6, 2019 | Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. |
- CVE-2023-28009Apr 26, 2023risk 0.00cvss —epss 0.01
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
- CVE-2023-28008Apr 26, 2023risk 0.00cvss —epss 0.01
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
- CVE-2022-38661Nov 4, 2022risk 0.00cvss —epss 0.00
HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash.
- CVE-2020-4674Jan 12, 2021risk 0.00cvss —epss 0.01
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.
- CVE-2020-4673Jan 12, 2021risk 0.00cvss —epss 0.01
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.
- CVE-2019-6504Feb 6, 2019risk 0.00cvss —epss 0.02
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.