CVE-2015-8698

7.1HIGH

Key Information:

Vendor
Broadcom
Status
Release Automation
Vendor
CVE Published:
29 June 2016

Summary

CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://www.securitytracker.com/id/1036193
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91497
vdb-entryx_refsource_BID
http://www.ca.com/us/support/ca-support-online/product-co...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.