CVE-2014-8246: CSRF
First published: Tue Dec 16 2014(Updated: )
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Release Automation | <=4.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2014/Dec/55
- http://securitytracker.com/id?1031375
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx
- http://www.kb.cert.org/vuls/id/343060
- http://www.securityfocus.com/archive/1/534246/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2014-8246?
CVE-2014-8246 has a medium severity rating due to its potential for cross-site request forgery attacks.
How do I fix CVE-2014-8246?
To fix CVE-2014-8246, upgrade CA Release Automation to version 4.7.1 or later.
What type of vulnerability is CVE-2014-8246?
CVE-2014-8246 is a cross-site request forgery (CSRF) vulnerability.
Who is affected by CVE-2014-8246?
Users of CA Release Automation versions prior to 4.7.1 are affected by CVE-2014-8246.
What can attackers do with CVE-2014-8246?
Attackers can hijack the authentication of users through CVE-2014-8246, allowing unauthorized actions on their behalf.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/broadcom
- canonical/broadcom release automation
- version/broadcom release automation/4.7.1