CVE-2014-8246 — Cross-Site Request Forgery in Release Automation

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 39.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Release Automation

Timeline

PublishedDec 16

Latest updateMay 13

Description

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDbroadcom/release_automation4.7.1

🔴Vulnerability Details

GHSA

GHSA-383p-xxqc-c9c5: Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4↗2022-05-13

▶

CVEList

CVE-2014-8246: Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4↗2014-12-16

▶