Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105197 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041591 | Third Party Advisory VDB Entry |
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html | Patch Vendor Advisory |
https://www.exploit-db.com/exploits/45425/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ca
Published: 2018-08-29T00:00:00
Updated: 2018-09-19T09:57:01
Reserved: 2018-08-22T00:00:00
Link: CVE-2018-15691
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-30T14:29:01.737
Modified: 2021-04-12T14:17:08.763
Link: CVE-2018-15691
JSON object: View
Redhat Information
No data.
CWE