Vulnerability CVE-2014-8246

Vulnerability CVE-2014-8246

Published: 2014-12-16 Modified: 2014-12-17

Description:

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	CA LISA Multiple Vulns	Ken Williams	16.12.2014

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
CA -> Release automation

References:

http://seclists.org/fulldisclosure/2014/Dec/55

http://securitytracker.com/id?1031375

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx

http://www.kb.cert.org/vuls/id/343060

http://www.securityfocus.com/archive/1/534246/100/0/threaded

Vulnerability CVE-2014-8246

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

See advisories in our WLB2 database:

Med.

CA LISA Multiple Vulns

CWE-352

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

6.8/10

6.4/10

8.6/10

Remote

Medium

No required

Partial

Partial

Partial

Affected software

References: