CVE-2014-8246 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Release Automation

Configuration 1 [-]

cpe:2.3:a:broadcom:release_automation:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2014/Dec/55
http://securitytracker.com/id?1031375
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx	Vendor Advisory
http://www.kb.cert.org/vuls/id/343060	Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/534246/100/0/threaded

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2014-12-16T23:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2014-10-12T00:00:00

Link: CVE-2014-8246

JSON object: View

NVD Information

Status : Modified

Published: 2014-12-16T23:59:03.607

Modified: 2021-04-12T14:14:24.010

Link: CVE-2014-8246

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx"}, {"name": "20141216 CA20141215-01: Security Notice for CA LISA Release Automation", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Dec/55"}, {"name": "VU#343060", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/343060"}, {"name": "20141215 CA20141215-01: Security Notice for CA LISA Release Automation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534246/100/0/threaded"}, {"name": "1031375", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1031375"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-8246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx", "refsource": "CONFIRM", "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx"}, {"name": "20141216 CA20141215-01: Security Notice for CA LISA Release Automation", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/55"}, {"name": "VU#343060", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/343060"}, {"name": "20141215 CA20141215-01: Security Notice for CA LISA Release Automation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534246/100/0/threaded"}, {"name": "1031375", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1031375"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-8246", "datePublished": "2014-12-16T23:00:00", "dateReserved": "2014-10-12T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:release_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E4E0882-BAA8-48DB-881E-DE73A6A351DB", "versionEndIncluding": "4.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en CA Release Automation (anteriormente iTKO LISA Release Automation) anterior a 4.7.1 b448 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2014-8246", "lastModified": "2021-04-12T14:14:24.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-16T23:59:03.607", "references": [{"source": "cret@cert.org", "url": "http://seclists.org/fulldisclosure/2014/Dec/55"}, {"source": "cret@cert.org", "url": "http://securitytracker.com/id?1031375"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/343060"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/534246/100/0/threaded"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}