CVE-2019-6689
HIGHDillon Kane Tidal Workload Automation Agent 3.2.0.5 - Command Injection via Tidal Job Buffers Parameters
Title source: llmDescription
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://ashsecurity.wordpress.com/2019/04/25/an-improper-cisco-fix-for-cve-2014-3272/
Scores
CVSS v3
7.8
EPSS
0.0075
EPSS Percentile
50.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
dillonkane/tidal_workload_automation
3.2.0.5
Published
Apr 26, 2019
Tracked Since
Feb 18, 2026