The vulnerability of the CA Release Automation system arises from the restoration of an unreliable data structure in memory, allowing a perpetrator to execute arbitrary code.

🗓️ 14 Sep 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

CA Release Automation allows remote code execution by restoring an unreliable in-memory data structure via a crafted serialized object.

Reporter	Title	Published	Views	Family All 9
0day.today	CA Release Automation NiMi 6.5 - Remote Command Execution Exploit	18 Sep 201800:00	–	zdt
CVE	CVE-2018-15691	30 Aug 201814:00	–	cve
Cvelist	CVE-2018-15691	30 Aug 201814:00	–	cvelist
Exploit DB	CA Release Automation NiMi 6.5 - Remote Command Execution	17 Sep 201800:00	–	exploitdb
exploitpack	CA Release Automation NiMi 6.5 - Remote Command Execution	17 Sep 201800:00	–	exploitpack
NVD	CVE-2018-15691	30 Aug 201814:29	–	nvd
OSV	CVE-2018-15691	30 Aug 201814:29	–	osv
Packet Storm	CA Release Automation NiMi 6.5 Remote Command Execution	19 Sep 201800:00	–	packetstorm
Prion	Deserialization of untrusted data	30 Aug 201814:29	–	prion

Vulners

Node

ca_technologies ca_release_automationMatch6.3.0

OR

ca_technologies ca_release_automationMatch6.4.0

OR

ca_technologies ca_release_automationMatch6.5.0

Source	Link
securitylab	www.securitylab.ru/vulnerability/495397.php
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2018090201
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6Medium risk

Vulners AI Score6

CVSS 39.8

CVSS 210

EPSS0.41674

Release Automation Remote code execution Crafted serialized object Unreliable data structure