Lucene search

[email protected]CVE-2018-15691

HistoryAug 30, 2018 - 2:29 p.m.

CVE-2018-15691

2018-08-3014:29:01

CWE-502

[email protected]

web.nvd.nist.gov

cve

insecure deserialization

arbitrary code execution

ca release automation 6.5

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.081 Low

EPSS

Percentile

94.3%

JSON

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.

Affected configurations

NVD

Node

broadcomrelease_automationRange6.3–6.3.0.9945

broadcomrelease_automationRange6.4–6.4.0.10119

broadcomrelease_automationRange6.5–6.5.0.10080

CPENameOperatorVersion
broadcom:release_automationbroadcom release automationlt6.3.0.9945
broadcom:release_automationbroadcom release automationlt6.4.0.10119
broadcom:release_automationbroadcom release automationlt6.5.0.10080

CPE	Name	Operator	Version
broadcom:release_automation	broadcom release automation	lt	6.3.0.9945
broadcom:release_automation	broadcom release automation	lt	6.4.0.10119
broadcom:release_automation	broadcom release automation	lt	6.5.0.10080

CNA Affected

[
  {
    "product": "Release Automation",
    "vendor": "CA Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "6.5 and earlier"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105197

www.securitytracker.com/id/1041591

support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.html

www.exploit-db.com/exploits/45425/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.081 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2018-15691

packetstorm1 prion1 cvelist1 zdt1 exploitpack1 nvd1 exploitdb1