Cross-Site Request Forgery Vulnerability in CA Release Automation by CA Technologies
CVE-2014-8246

Currently unrated

Key Information:

Vendor: Broadcom
Status: Release Automation
Vendor: CVE Published:; 16 December 2014

What is CVE-2014-8246?

A cross-site request forgery (CSRF) vulnerability in CA Release Automation (previously known as iTKO LISA Release Automation) prior to version 4.7.1 b448 permits remote attackers to exploit the authentication of unsuspecting users through unconfirmed methods. Successful exploitation could lead to unauthorized actions performed on behalf of a victim user within the application, showcasing the critical need for robust security measures and user education.

References

http://www.ca.com/us/support/ca-support-online/product-co...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Dec/55

mailing-listx_refsource_FULLDISC

http://www.kb.cert.org/vuls/id/343060

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Dec 16, 2014
Vulnerability Reserved
Oct 12, 2014

Broadcom

What is CVE-2014-8246?

References

Timeline