Vulnerabilities > CVE-2019-19230 - Deserialization of Untrusted Data vulnerability in Broadcom Nolio 6.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

broadcom

CWE-502

NVD

Published: 2019-12-09

Updated: 2019-12-12

Summary

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Nolio 6.6	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

http://packetstormsecurity.com/files/155631/CA-Nolio-6.6-Arbitrary-Code-Execution.html
http://seclists.org/fulldisclosure/2019/Dec/16
https://seclists.org/bugtraq/2019/Dec/16
https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20191209-01-security-notice-for-ca-nolio-release-automation.html?r=2