Vulnerability CVE-2014-8247

Vulnerability CVE-2014-8247

Published: 2014-12-16 Modified: 2014-12-17

Description:

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	CA LISA Multiple Vulns	Ken Williams	16.12.2014

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
CA -> Release automation

References:

http://seclists.org/fulldisclosure/2014/Dec/55

http://securitytracker.com/id?1031375

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx

http://www.kb.cert.org/vuls/id/343060

http://www.securityfocus.com/archive/1/534246/100/0/threaded

Vulnerability CVE-2014-8247

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

See advisories in our WLB2 database:

Med.

CA LISA Multiple Vulns

CWE-79

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

4.3/10

2.9/10

8.6/10

Remote

Medium

No required

None

Partial

None

Affected software

References: