6 matches found
CVE-2018-15691
CVE-2018-15691 affects CA Release Automation NiMi 6.5 and earlier. The root cause is insecure deserialization of a crafted serialized object, permitting potential arbitrary code execution. Documents describe a remote command execution vector via deserialization and note PoC exploits using Commons...
CVE-2014-8248
CVE-2014-8248 is a SQL injection in CA Release Automation (formerly iTKO LISA Release Automation) affecting versions up to 4.7.1 before the b448 hotfix. The root cause is insufficient input sanitization in the query path, enabling a remote authenticated user to execute arbitrary SQL. CA issued CA...
CVE-2015-8699
CVE-2015-8699 covers multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly CA LISA Release Automation). Affected are: 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026. The vulnerabilities allow remote attackers t...
CVE-2014-8246
CA Release Automation (formerly iTKO LISA Release Automation) contains a CSRF vulnerability (CVE-2014-8246) affecting versions up to 4.7.1 Build 413; 4.7.1 Build 448 fixes the issue. The vulnerability allows a remote attacker to perform privileged actions by hijacking an authenticated session vi...
CVE-2014-8247
CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 contains an XSS vulnerability (CVE-2014-8247) caused by insufficient input filtering. Remote attackers could inject arbitrary script/HTML via unspecified vectors, potentially affecting users’ sessions. CA’s security n...
CVE-2015-8698
CA Release Automation (formerly LISA Release Automation) is affected by an XML External Entity (XXE) issue. The vulnerability allows a remote attacker to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration with an entity reference. Affecte...