Vulnerability Note VU#343060
CA LISA Release Automation contains multiple vulnerabilities
CA LISA Release Automation 22.214.171.1245 contains multiple vulnerabilities
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-8246
CA LISA Release Automation 126.96.36.1995 contains a global Cross-Site Request Forgery (CSRF) vulnerability. The application allows a malicious user to perform actions on the site with the same permissions as the victim. This vulnerability requires the attacker to be authenticated and have an active session.
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session, elevate privileges, or perform actions as an authenticated user.
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| CA Technologies | Affected | 23 Oct 2014 | 17 Dec 2014 |
Thanks to Julian Horoszkiewicz and Lukasz Plonka for reporting these vulnerabilities.
This document was written by Chris King.
- CVE IDs: CVE-2014-8246, CVE-2014-8247, CVE-2014-8248
- Date Public: 15 Dec 2014
- Date First Published: 15 Dec 2014
- Date Last Updated: 17 Dec 2014
- Document Revision: 23