CA LISA Release Automation 220.127.116.115 contains multiple vulnerabilities
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-8246
CA LISA Release Automation 18.104.22.1685 contains a global Cross-Site Request Forgery (CSRF) vulnerability. The application allows a malicious user to perform actions on the site with the same permissions as the victim. This vulnerability requires the attacker to be authenticated and have an active session.
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session, elevate privileges, or perform actions as an authenticated user.
Thanks to Julian Horoszkiewicz and Lukasz Plonka for reporting these vulnerabilities.
This document was written by Chris King.