Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis=
co Security Advisory: Cisco Workload Automation and Tidal Enterpr=
ise Scheduler Client Manager Server Arbitrary File Read Vulnerabi=
lity=0D=0A=0D=0AAdvisory ID: cisco-sa-20170315-tes=0D=0A=0D=0ARev=
ision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 15 16:00 GMT=
=0D=0A=0D=0ALast Updated: 2017 March 15 16:00 GMT=0D=0A=0D=0ACVE =
ID(s): CVE-2017-3846=0D=0A=0D=0ACVSS Score v(3): 8.6 CVSS:3.0/AV:=
N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N=0D=0A=0D=0A+--------------------=
-------------------------------------------------=0D=0A=0D=0ASumm=
ary=0D=0A=3D=3D=3D=3D=3D=3D=3D=0D=0AA vulnerability in the Client=
 Manager Server of Cisco Workload Automation and Cisco Tidal Ente=
rprise Scheduler could allow an unauthenticated, remote attacker =
to retrieve any file from the Client Manager Server.=0D=0A=0D=0AT=
he vulnerability is due to insufficient input validation. An atta=
cker could exploit this vulnerability by sending a crafted URL to=
 the Client Manager Server. An exploit could allow the attacker t=
o retrieve any file from the Cisco Workload Automation or Cisco T=
idal Enterprise Scheduler Client Manager Server.=0D=0A=0D=0ACisco=
 has released software updates that address this vulnerability. T=
here are no workarounds that address this vulnerability.=0D=0A=0D=0A=
This advisory is available at the following link:=0D=0Ahttps://to=
ols.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco=
-sa-20170315-tes ["https://tools.cisco.com/security/center/conten=
t/CiscoSecurityAdvisory/cisco-sa-20170315-tes"]=0D=0A=0D=0A-----B=
EGIN PGP SIGNATURE-----=0D=0A=0D=0AiQKBBAEBAgBrBQJYyWWrZBxDaXNjby=
BTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg=0D=0ASW5jaWRlbnQgUmVzcG9uc2UgV=
GVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx=0D=0ANykgPHBzaXJ0QGNpc2Nv=
LmNvbT4ACgkQrz2APcQAkHlc+Q/+NaDFV8ZqaPeGvBEm=0D=0A46PrfX/+OeR2y86=
9YrW7TzIayWy7WWGVZTZC/01NQUnS+YZUpqzHaMNpNjgNrudL=0D=0AS6hP4VrFEY=
WdSMYcqNw4k/S9ZSQPilJdyZ+0Z8CgJR9R0NtaC5m6MUbdqfmdA7+0=0D=0AJrsHW=
iyWJV6t4WdxdPf6qOeLHO4lKhpkSIMhwQdhKzF7S9P8qzsKJZAfApArzrsb=0D=0A=
JpvUMA17gGBNCiEKIBYohxJ8BKKwdFOQb8W5Oh+rnRxktRHd+zsEtHPPg0QYZe49=0D=0A=
XO4usDU9PPZCeA5Z25bBucNgIG96yTt4xM6TfZKeG9cqPAM8HbsWrk/coXM2Z5Ts=0D=0A=
NKPpvE3snKwPdCADb12IF25FCiPCVyZiVhyb76n0ViiGTTu7MxjFJJ7mR5Sp3D1M=0D=0A=
vOS8Ha21SdW0Phlf3w8S8J73gw7aqd4jU2hghAHkBOqzxvyrjYSsbKbENt0zv9p7=0D=0A=
t1F0HwKV8hY+gUiK49+fqaH+Sq8MFVJAdX1LVqa/cyqwZzGO1i5uVHDp6PQ94ZBC=0D=0A=
XLhTgZnx/kTg6uJshmpd9scKaRB0IvSzPYiWm+C66ss9dIgLJwj8PfXnt5pwnMzb=0D=0A=
J0aJydejldPn896Y4GG4tBJd+mD4uNImqsLH4iRnB4RXnjOH6sEaf9REammL5C+j=0D=0A=
weZFM3KTJLnOjdAs2rMOaCfp60s=3D=0D=0A=3DHobL=0D=0A-----END PGP SIG=
NATURE-----=0D=0A